Microfocus

All CVEs

2,294 total · sorted by risk
  • CVE-2024-41913 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize user input.

  • CVE-2022-27540 · Jun 28, 2024
    risk 0.00 · cvss · epss 0.00

    A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential…

  • CVE-2022-37020 · Jun 10, 2024
    risk 0.00 · cvss · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

  • CVE-2024-2301 · May 23, 2024
    risk 0.00 · cvss · epss 0.00

    Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.

  • CVE-2023-52805 · May 21, 2024
    risk 0.00 · cvss · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc. Currently there is no check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.

  • CVE-2024-28893 · May 1, 2024
    risk 0.00 · cvss · epss 0.00

    Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).

  • CVE-2023-4063 · Mar 22, 2024
    risk 0.00 · cvss · epss 0.01

    Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.

  • CVE-2020-11862 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding. This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.

  • CVE-2023-52601 · Mar 6, 2024
    risk 0.00 · cvss · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree. Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to…

  • CVE-2023-52599 · Mar 6, 2024
    risk 0.00 · cvss · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm:…

  • CVE-2024-1869 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.02

    Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.

  • CVE-2024-0407 · Feb 20, 2024
    risk 0.00 · cvss · epss 0.00

    Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's…

  • CVE-2024-1470 · Feb 20, 2024
    risk 0.00 · cvss · epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6.

  • CVE-2024-25123 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.00

    MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different…

  • CVE-2024-0622 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.00

    Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. 

  • CVE-2022-48219 · Feb 14, 2024
    risk 0.00 · cvss · epss 0.00

    Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

  • CVE-2015-8317 · Dec 15, 2015
    risk 0.00 · cvss · epss 0.06

    The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

  • CVE-2015-8242 · Dec 15, 2015
    risk 0.00 · cvss · epss 0.04

    The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

  • CVE-2015-7500 · Dec 15, 2015
    risk 0.00 · cvss · epss 0.06

    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

  • CVE-2015-7498 · Dec 15, 2015
    risk 0.00 · cvss · epss 0.07

    Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

  • CVE-2015-7497 · Dec 15, 2015
    risk 0.00 · cvss · epss 0.07

    Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

  • CVE-2015-5312 · Dec 15, 2015
    risk 0.00 · cvss · epss 0.05

    The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

  • CVE-2015-6857 · Nov 26, 2015
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.

  • CVE-2015-5451 · Nov 23, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2015-5255 · Nov 18, 2015
    risk 0.00 · cvss · epss 0.04

    Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to…

  • CVE-2015-7942 · Nov 18, 2015
    risk 0.00 · cvss · epss 0.05

    The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a…

  • CVE-2015-5441 · Nov 12, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-6867 · Nov 4, 2015
    risk 0.00 · cvss · epss 0.05

    The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.

  • CVE-2015-6030 · Nov 4, 2015
    risk 0.00 · cvss · epss 0.01

    HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

  • CVE-2015-6029 · Nov 4, 2015
    risk 0.00 · cvss · epss 0.04

    HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.

  • CVE-2015-2903 · Nov 4, 2015
    risk 0.00 · cvss · epss 0.01

    The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

  • CVE-2015-2902 · Nov 4, 2015
    risk 0.00 · cvss · epss 0.02

    HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.

  • CVE-2015-5448 · Oct 26, 2015
    risk 0.00 · cvss · epss 0.00

    HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2015-5444 · Oct 18, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-5443 · Oct 12, 2015
    risk 0.00 · cvss · epss 0.01

    HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2015-5435 · Sep 30, 2015
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.

  • CVE-2015-5442 · Sep 29, 2015
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.

  • CVE-2015-5440 · Sep 16, 2015
    risk 0.00 · cvss · epss 0.01

    HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2015-2136 · Sep 16, 2015
    risk 0.00 · cvss · epss 0.02

    HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.

  • CVE-2015-5426 · Sep 16, 2015
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.

  • CVE-2015-5367 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.01

    The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.

  • CVE-2015-5433 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.02

    HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2015-5432 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.04

    HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2015-5431 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.02

    HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2015-5430 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.03

    HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-5429 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.04

    HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.

  • CVE-2015-5428 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.04

    HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.

  • CVE-2015-5427 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.04

    HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.

  • CVE-2015-5405 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.02

    HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

  • CVE-2015-5404 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.04

    HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
