Vendor CVEs
Microfocus
All CVEs
2,280 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12111 | Hig | 0.52 | 8.0 | 0.00 | Dec 19, 2024 | In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5) | ||
| CVE-2024-8733 | Hig | 0.52 | 8.0 | 0.00 | Oct 2, 2024 | A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. | ||
| CVE-2018-5925 | Hig | 0.52 | 7.8 | 0.11 | Aug 13, 2018 | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. | ||
| CVE-2016-3092 | Hig | 0.52 | 7.5 | 0.36 | Jul 4, 2016 | The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long… | ||
| CVE-2016-4371 | Hig | 0.52 | 8.0 | 0.01 | Jun 19, 2016 | HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,… | ||
| CVE-2016-1991 | Hig | 0.52 | 8.0 | 0.02 | Mar 16, 2016 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. | ||
| CVE-2026-8632 | Hig | 0.51 | 7.8 | 0.01 | May 20, 2026 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection. | ||
| CVE-2026-2123 | Hig | 0.51 | 7.8 | 0.00 | Mar 31, 2026 | A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting… | ||
| CVE-2024-43858 | Hig | 0.51 | 7.8 | 0.00 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree | ||
| CVE-2016-4397 | Hig | 0.51 | 7.8 | 0.01 | Aug 6, 2018 | A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | ||
| CVE-2017-3210 | Hig | 0.51 | 7.8 | 0.01 | Jul 24, 2018 | Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These… | ||
| CVE-2016-2246 | Hig | 0.51 | 7.8 | 0.01 | Dec 29, 2016 | HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | ||
| CVE-2016-4386 | Hig | 0.51 | 7.8 | 0.01 | Sep 29, 2016 | HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | ||
| CVE-2016-1990 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2016 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | ||
| CVE-2016-2243 | Hig | 0.51 | 7.9 | 0.00 | Mar 4, 2016 | Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. | ||
| CVE-2015-6859 | Hig | 0.51 | 7.8 | 0.00 | Jan 5, 2016 | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. | ||
| CVE-2002-1796 | Hig | 0.51 | 7.8 | 0.00 | Dec 31, 2002 | ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | ||
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.01 | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. | ||
| CVE-2024-5202 | Hig | 0.50 | 7.7 | 0.00 | May 23, 2024 | Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices | ||
| CVE-2017-3733 | Hig | 0.50 | 7.5 | 0.13 | May 4, 2017 | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | ||
| CVE-2016-5388 | Hig | 0.50 | 8.1 | 0.51 | Jul 19, 2016 | Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote… | ||
| CVE-2016-4447 | Hig | 0.50 | 7.5 | 0.14 | Jun 9, 2016 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | ||
| CVE-2016-1996 | Hig | 0.50 | 7.7 | 0.01 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2015-3200 | Hig | 0.50 | 7.5 | 0.10 | Jun 9, 2015 | mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | ||
| CVE-2004-0079 | Hig | 0.50 | 7.5 | 0.10 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||
| CVE-2026-39455 | Hig | 0.49 | 7.5 | 0.00 | May 13, 2026 | When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical… | ||
| CVE-2025-60805 | Hig | 0.49 | 7.5 | 0.00 | Oct 28, 2025 | An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml. | ||
| CVE-2018-6505 | Hig | 0.49 | 7.5 | 0.03 | Sep 20, 2018 | A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads. | ||
| CVE-2018-6500 | Hig | 0.49 | 7.5 | 0.04 | Sep 20, 2018 | A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. | ||
| CVE-2018-7686 | Hig | 0.49 | 7.5 | 0.01 | Aug 9, 2018 | Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | ||
| CVE-2018-7683 | Hig | 0.49 | 7.5 | 0.01 | Jun 21, 2018 | Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | ||
| CVE-2018-9028 | Hig | 0.49 | 7.5 | 0.01 | Jun 18, 2018 | Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | ||
| CVE-2018-9026 | Hig | 0.49 | 7.5 | 0.01 | Jun 18, 2018 | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | ||
| CVE-2018-9025 | Hig | 0.49 | 7.5 | 0.01 | Jun 18, 2018 | An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | ||
| CVE-2017-7425 | Hig | 0.49 | 7.6 | 0.01 | Nov 6, 2017 | Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | ||
| CVE-2017-9272 | Hig | 0.49 | 7.5 | 0.01 | Oct 6, 2017 | The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | ||
| CVE-2017-9281 | Hig | 0.49 | 7.5 | 0.01 | Sep 21, 2017 | An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | ||
| CVE-2015-5436 | Hig | 0.49 | 7.5 | 0.02 | May 11, 2017 | A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in… | ||
| CVE-2017-5186 | Hig | 0.49 | 7.5 | 0.01 | Apr 27, 2017 | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | ||
| CVE-2017-5185 | Hig | 0.49 | 7.5 | 0.02 | Mar 30, 2017 | A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | ||
| CVE-2016-5754 | Hig | 0.49 | 7.5 | 0.01 | Mar 23, 2017 | Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. | ||
| CVE-2016-5752 | Hig | 0.49 | 7.5 | 0.01 | Mar 23, 2017 | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester. | ||
| CVE-2016-4396 | Hig | 0.49 | 7.5 | 0.04 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | ||
| CVE-2016-4395 | Hig | 0.49 | 7.5 | 0.04 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | ||
| CVE-2016-4378 | Hig | 0.49 | 7.5 | 0.03 | Aug 26, 2016 | The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before… | ||
| CVE-2016-4367 | Hig | 0.49 | 7.5 | 0.08 | Jun 8, 2016 | The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-4365 | Hig | 0.49 | 7.5 | 0.04 | Jun 8, 2016 | HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-4361 | Hig | 0.49 | 7.5 | 0.08 | Jun 8, 2016 | HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow… | ||
| CVE-2016-2027 | Hig | 0.49 | 7.5 | 0.04 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026. | ||
| CVE-2016-2026 | Hig | 0.49 | 7.5 | 0.04 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027. |
- risk 0.52cvss 8.0epss 0.00
In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5)
- risk 0.52cvss 8.0epss 0.00
A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.
- risk 0.52cvss 7.8epss 0.11
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.
- risk 0.52cvss 7.5epss 0.36
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long…
- risk 0.52cvss 8.0epss 0.01
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,…
- risk 0.52cvss 8.0epss 0.02
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
- risk 0.51cvss 7.8epss 0.01
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.
- risk 0.51cvss 7.8epss 0.00
A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree
- risk 0.51cvss 7.8epss 0.01
A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.
- risk 0.51cvss 7.8epss 0.01
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These…
- risk 0.51cvss 7.8epss 0.01
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
- risk 0.51cvss 7.8epss 0.01
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
- risk 0.51cvss 7.9epss 0.00
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.
- risk 0.51cvss 7.8epss 0.00
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
- risk 0.51cvss 7.8epss 0.00
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
- risk 0.51cvss 7.8epss 0.01
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
- risk 0.50cvss 7.7epss 0.00
Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices
- risk 0.50cvss 7.5epss 0.13
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
- risk 0.50cvss 8.1epss 0.51
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…
- risk 0.50cvss 7.5epss 0.14
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
- risk 0.50cvss 7.7epss 0.01
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
- risk 0.50cvss 7.5epss 0.10
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
- risk 0.50cvss 7.5epss 0.10
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
- risk 0.49cvss 7.5epss 0.00
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical…
- risk 0.49cvss 7.5epss 0.00
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.
- risk 0.49cvss 7.5epss 0.03
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
- risk 0.49cvss 7.5epss 0.04
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.
- risk 0.49cvss 7.5epss 0.01
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
- risk 0.49cvss 7.5epss 0.01
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
- risk 0.49cvss 7.5epss 0.01
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
- risk 0.49cvss 7.5epss 0.01
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
- risk 0.49cvss 7.5epss 0.01
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
- risk 0.49cvss 7.6epss 0.01
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
- risk 0.49cvss 7.5epss 0.01
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.
- risk 0.49cvss 7.5epss 0.01
An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.
- risk 0.49cvss 7.5epss 0.02
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in…
- risk 0.49cvss 7.5epss 0.01
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
- risk 0.49cvss 7.5epss 0.02
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.
- risk 0.49cvss 7.5epss 0.01
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.
- risk 0.49cvss 7.5epss 0.01
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.
- risk 0.49cvss 7.5epss 0.04
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
- risk 0.49cvss 7.5epss 0.04
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
- risk 0.49cvss 7.5epss 0.03
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before…
- risk 0.49cvss 7.5epss 0.08
The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.
- risk 0.49cvss 7.5epss 0.04
HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.
- risk 0.49cvss 7.5epss 0.08
HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow…
- risk 0.49cvss 7.5epss 0.04
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.
- risk 0.49cvss 7.5epss 0.04
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
Page 4 of 46