VYPR

Vendor CVEs

Microfocus

All CVEs

2,280 total · sorted by risk
  • CVE-2024-12111 · High · Dec 19, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    In a specific scenario, an LDAP user can abuse the authentication process using an injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5).

  • CVE-2024-8733 · High · Oct 2, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

  • CVE-2018-5925 · High · Aug 13, 2018
    risk 0.52 · cvss 7.8 · epss 0.11

    A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

  • CVE-2016-3092 · High · Jul 4, 2016
    risk 0.52 · cvss 7.5 · epss 0.36

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long…

  • CVE-2016-4371 · High · Jun 19, 2016
    risk 0.52 · cvss 8.0 · epss 0.01

    HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,…

  • CVE-2016-1991 · High · Mar 16, 2016
    risk 0.52 · cvss 8.0 · epss 0.02

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.

  • CVE-2026-8632 · High · May 20, 2026
    risk 0.51 · cvss 7.8 · epss 0.01

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.

  • CVE-2026-2123 · High · Mar 31, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A security audit identified a privilege escalation vulnerability in Operations Agent (<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations. Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting…

  • CVE-2024-43858 · High · Aug 17, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree

  • CVE-2016-4397 · High · Aug 6, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.

  • CVE-2017-3210 · High · Jul 24, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These…

  • CVE-2016-2246 · High · Dec 29, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.

  • CVE-2016-4386 · High · Sep 29, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.

  • CVE-2016-1990 · High · Mar 16, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.

  • CVE-2016-2243 · High · Mar 4, 2016
    risk 0.51 · cvss 7.9 · epss 0.00

    Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

  • CVE-2015-6859 · High · Jan 5, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.

  • CVE-2002-1796 · High · Dec 31, 2002
    risk 0.51 · cvss 7.8 · epss 0.00

    ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

  • CVE-1999-0022 · High · Jul 3, 1996
    risk 0.51 · cvss 7.8 · epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via expstr() function.

  • CVE-2024-5202 · High · May 23, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices.

  • CVE-2017-3733 · High · May 4, 2017
    risk 0.50 · cvss 7.5 · epss 0.13

    During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

  • CVE-2016-5388 · High · Jul 19, 2016
    risk 0.50 · cvss 8.1 · epss 0.51

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…

  • CVE-2016-4447 · High · Jun 9, 2016
    risk 0.50 · cvss 7.5 · epss 0.14

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2016-1996 · High · Mar 18, 2016
    risk 0.50 · cvss 7.7 · epss 0.01

    HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2015-3200 · High · Jun 9, 2015
    risk 0.50 · cvss 7.5 · epss 0.10

    mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

  • CVE-2004-0079 · High · Nov 23, 2004
    risk 0.50 · cvss 7.5 · epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2026-39455 · High · May 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical…

  • CVE-2025-60805 · High · Oct 28, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.

  • CVE-2018-6505 · High · Sep 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.

  • CVE-2018-6500 · High · Sep 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.

  • CVE-2018-7686 · High · Aug 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.

  • CVE-2018-7683 · High · Jun 21, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

  • CVE-2018-9028 · High · Jun 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.

  • CVE-2018-9026 · High · Jun 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.

  • CVE-2018-9025 · High · Jun 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.

  • CVE-2017-7425 · High · Nov 6, 2017
    risk 0.49 · cvss 7.6 · epss 0.01

    Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.

  • CVE-2017-9272 · High · Oct 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.

  • CVE-2017-9281 · High · Sep 21, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.

  • CVE-2015-5436 · High · May 11, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in…

  • CVE-2017-5186 · High · Apr 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.

  • CVE-2017-5185 · High · Mar 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.

  • CVE-2016-5754 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.

  • CVE-2016-5752 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.

  • CVE-2016-4396 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

  • CVE-2016-4395 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

  • CVE-2016-4378 · High · Aug 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before…

  • CVE-2016-4367 · High · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.08

    The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4365 · High · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4361 · High · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.08

    HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow…

  • CVE-2016-2027 · High · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

  • CVE-2016-2026 · High · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

Page 4 of 46