VYPR

Vendor CVEs

Microfocus

All CVEs

2,275 total · sorted by risk
  • CVE-2025-1697Apr 18, 2025
    risk 0.00cvss epss 0.00

    A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to…

  • CVE-2025-2268Mar 14, 2025
    risk 0.00cvss epss 0.00

    The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).

  • CVE-2025-26508Feb 14, 2025
    risk 0.00cvss epss 0.01

    Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

  • CVE-2025-26507Feb 14, 2025
    risk 0.00cvss epss 0.01

    Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

  • CVE-2025-26506Feb 14, 2025
    risk 0.00cvss epss 0.01

    Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

  • CVE-2025-1004Feb 6, 2025
    risk 0.00cvss epss 0.00

    Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol).

  • CVE-2021-38116Nov 22, 2024
    risk 0.00cvss epss 0.01

    Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5

  • CVE-2021-38117Nov 22, 2024
    risk 0.00cvss epss 0.01

    Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.

  • CVE-2021-38118Nov 22, 2024
    risk 0.00cvss epss 0.00

    Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.

  • CVE-2021-38119Nov 22, 2024
    risk 0.00cvss epss 0.00

    Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.

  • CVE-2021-38134Nov 22, 2024
    risk 0.00cvss epss 0.00

    Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000.

  • CVE-2021-38135Nov 22, 2024
    risk 0.00cvss epss 0.00

    Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.

  • CVE-2022-26324Nov 22, 2024
    risk 0.00cvss epss 0.00

    Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.

  • CVE-2023-24466Nov 22, 2024
    risk 0.00cvss epss 0.01

    Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.

  • CVE-2023-24467Nov 22, 2024
    risk 0.00cvss epss 0.01

    Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.

  • CVE-2024-9841Nov 8, 2024
    risk 0.00cvss epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2024-9419Oct 30, 2024
    risk 0.00cvss epss 0.01

    Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could…

  • CVE-2024-5532Oct 28, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.  The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the…

  • CVE-2024-5749Oct 15, 2024
    risk 0.00cvss epss 0.01

    Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.

  • CVE-2024-9423Oct 2, 2024
    risk 0.00cvss epss 0.01

    Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs.

  • CVE-2024-5760Sep 11, 2024
    risk 0.00cvss epss 0.00

    The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018.

  • CVE-2024-4554Aug 28, 2024
    risk 0.00cvss epss 0.00

    Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1.

  • CVE-2024-4555Aug 28, 2024
    risk 0.00cvss epss 0.00

    Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1

  • CVE-2024-4556Aug 28, 2024
    risk 0.00cvss epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.

  • CVE-2024-7720Aug 27, 2024
    risk 0.00cvss epss 0.01

    HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.

  • CVE-2020-11847Aug 21, 2024
    risk 0.00cvss epss 0.00

    SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

  • CVE-2020-11846Aug 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

  • CVE-2020-11850Aug 21, 2024
    risk 0.00cvss epss 0.00

    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6

  • CVE-2024-41912Aug 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.

  • CVE-2024-41911Aug 6, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.

  • CVE-2024-41910Aug 6, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.

  • CVE-2024-41913Aug 6, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.

  • CVE-2022-27540Jun 28, 2024
    risk 0.00cvss epss 0.00

    A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential…

  • CVE-2022-37020Jun 10, 2024
    risk 0.00cvss epss 0.00

    Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

  • CVE-2024-2301May 23, 2024
    risk 0.00cvss epss 0.00

    Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.

  • CVE-2023-52805May 21, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.

  • CVE-2024-28893May 1, 2024
    risk 0.00cvss epss 0.00

    Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).

  • CVE-2023-4063Mar 22, 2024
    risk 0.00cvss epss 0.01

    Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.

  • CVE-2020-11862Mar 13, 2024
    risk 0.00cvss epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.

  • CVE-2023-52601Mar 6, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to…

  • CVE-2023-52599Mar 6, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm:…

  • CVE-2024-1869Mar 1, 2024
    risk 0.00cvss epss 0.02

    Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.

  • CVE-2024-0407Feb 20, 2024
    risk 0.00cvss epss 0.00

    Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's…

  • CVE-2024-1470Feb 20, 2024
    risk 0.00cvss epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6.

  • CVE-2024-25123Feb 15, 2024
    risk 0.00cvss epss 0.00

    MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different…

  • CVE-2024-0622Feb 15, 2024
    risk 0.00cvss epss 0.00

    Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. 

  • CVE-2022-48219Feb 14, 2024
    risk 0.00cvss epss 0.00

    Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

  • CVE-2015-8317Dec 15, 2015
    risk 0.00cvss epss 0.06

    The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

  • CVE-2015-8242Dec 15, 2015
    risk 0.00cvss epss 0.04

    The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

  • CVE-2015-7500Dec 15, 2015
    risk 0.00cvss epss 0.06

    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

Page 28 of 46