Microfocus

All CVEs

2,280 total · sorted by risk
  • CVE-2017-13982 · High · Sep 30, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.

  • CVE-2017-7423 · High · Aug 21, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is…

  • CVE-2017-5187 · High · Aug 21, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote…

  • CVE-2017-7431 · High · May 3, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

  • CVE-2016-5758 · High · Mar 23, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.

  • CVE-2016-5750 · High · Mar 23, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.

  • CVE-2016-1597 · High · Mar 23, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.

  • CVE-2016-5387 · High · Jul 19, 2016
    risk 0.57 · cvss 8.1 · epss 0.56

    The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP…

  • CVE-2016-5385 · High · Jul 19, 2016
    risk 0.57 · cvss 8.1 · epss 0.50

    PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an…

  • CVE-2016-4369 · High · Jun 8, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-3710 · High · May 11, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

  • CVE-2016-2009 · High · May 7, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

  • CVE-2015-5445 · High · Jan 5, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2024-10923 · High · Nov 12, 2024
    risk 0.56 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack. This issue affects ALM Octane Management: from…

  • CVE-2016-4384 · High · Sep 21, 2016
    risk 0.56 · cvss 8.6 · epss 0.04

    HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2025-10577 · High · Oct 15, 2025
    risk 0.55 · cvss · epss 0.00

    Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities.

  • CVE-2025-3478 · High · Aug 25, 2025
    risk 0.55 · cvss · epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.

  • CVE-2025-43490 · High · Aug 15, 2025
    risk 0.55 · cvss · epss 0.00

    A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

  • CVE-2025-1003 · High · Feb 4, 2025
    risk 0.55 · cvss · epss 0.00

    A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.

  • CVE-2016-4383 · High · Jun 27, 2017
    risk 0.55 · cvss 8.4 · epss 0.03

    The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

  • CVE-2016-4364 · High · Jun 8, 2016
    risk 0.55 · cvss 8.4 · epss 0.01

    HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.

  • CVE-2016-1593 · High · Apr 22, 2016
    risk 0.55 · cvss 7.2 · epss 0.64

    Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a…

  • CVE-2015-6862 · High · Jan 8, 2016
    risk 0.55 · cvss 8.4 · epss 0.01

    HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

  • CVE-2015-6860 · High · Jan 5, 2016
    risk 0.55 · cvss 8.4 · epss 0.01

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

  • CVE-2017-14355 · High · Dec 5, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.

  • CVE-2016-0778 · High · Jan 14, 2016
    risk 0.54 · cvss 8.1 · epss 0.20

    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a…

  • CVE-2004-0940 · High · Feb 9, 2005
    risk 0.54 · cvss 7.8 · epss 0.05

    Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

  • CVE-2024-4190 · High · Jun 11, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited.

  • CVE-2024-1174 · High · Mar 1, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities.

  • CVE-2018-6491 · High · Apr 24, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.

  • CVE-2018-6488 · High · Feb 22, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

  • CVE-2017-13989 · High · Sep 30, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

  • CVE-2015-0839 · High · Aug 2, 2017
    risk 0.53 · cvss 8.1 · epss 0.06

    The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.

  • CVE-2016-4390 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.

  • CVE-2016-4389 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.

  • CVE-2016-4388 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.

  • CVE-2016-4387 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.09

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.

  • CVE-2016-4377 · High · Aug 22, 2016
    risk 0.53 · cvss 8.1 · epss 0.07

    HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP…

  • CVE-2016-4362 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-4358 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.

  • CVE-2016-4357 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.

  • CVE-2016-2030 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.

  • CVE-2016-2028 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.

  • CVE-2016-2022 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.

  • CVE-2016-2021 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2020 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2019 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2017 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2014 · High · May 7, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

  • CVE-2016-1993 · High · Mar 18, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

Page 3 of 46