VYPR

Vendor CVEs

Microfocus

All CVEs

2,173 total · sorted by risk
  • CVE-2016-3710HigMay 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

  • CVE-2016-2009HigMay 7, 2016
    risk 0.57cvss 8.8epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

  • CVE-2015-5445HigJan 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2021-38135HigNov 22, 2024
    risk 0.56cvss 8.6epss 0.00

    Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.

  • CVE-2020-11862HigMar 13, 2024
    risk 0.56cvss 8.6epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.

  • CVE-2016-4384HigSep 21, 2016
    risk 0.56cvss 8.6epss 0.04

    HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2025-10577HigOct 15, 2025
    risk 0.55cvss epss 0.00

    Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities

  • CVE-2025-3478HigAug 25, 2025
    risk 0.55cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.

  • CVE-2025-43490HigAug 15, 2025
    risk 0.55cvss epss 0.00

    A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

  • CVE-2025-1003HigFeb 4, 2025
    risk 0.55cvss epss 0.00

    A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.

  • CVE-2024-1973HigMar 25, 2024
    risk 0.55cvss 8.5epss 0.00

    By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.

  • CVE-2022-37018HigDec 12, 2022
    risk 0.55cvss 8.4epss 0.00

    A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.

  • CVE-2021-3661HigDec 12, 2022
    risk 0.55cvss 8.4epss 0.00

    A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

  • CVE-2016-4383HigJun 27, 2017
    risk 0.55cvss 8.4epss 0.03

    The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

  • CVE-2016-4364HigJun 8, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.

  • CVE-2016-1593HigApr 22, 2016
    risk 0.55cvss 7.2epss 0.64

    Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a…

  • CVE-2015-6862HigJan 8, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

  • CVE-2015-6860HigJan 5, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

  • CVE-2020-11858HigOct 27, 2020
    risk 0.54cvss 7.8epss 0.03

    Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60,…

  • CVE-2020-11855HigSep 22, 2020
    risk 0.54cvss 7.8epss 0.01

    An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.

  • CVE-2019-18915HigFeb 13, 2020
    risk 0.54cvss 7.8epss 0.01

    A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.

  • CVE-2019-11661HigSep 18, 2019
    risk 0.54cvss 8.3epss 0.01

    Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.

  • CVE-2019-11660HigSep 13, 2019
    risk 0.54cvss 7.8epss 0.08

    Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.

  • CVE-2019-3475HigFeb 20, 2019
    risk 0.54cvss 7.8epss 0.01

    A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

  • CVE-2017-14355HigDec 5, 2017
    risk 0.54cvss 7.8epss 0.02

    A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.

  • CVE-2016-0778HigJan 14, 2016
    risk 0.54cvss 8.1epss 0.20

    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a…

  • CVE-2004-0940HigFeb 9, 2005
    risk 0.54cvss 7.8epss 0.05

    Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

  • CVE-2020-11847HigAug 21, 2024
    risk 0.53cvss 8.2epss 0.00

    SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

  • CVE-2024-4190HigJun 11, 2024
    risk 0.53cvss 8.1epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited.

  • CVE-2023-5410HigMar 12, 2024
    risk 0.53cvss 8.2epss 0.00

    A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.

  • CVE-2024-1174HigMar 1, 2024
    risk 0.53cvss 8.2epss 0.00

    Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities.

  • CVE-2022-1805HigJul 28, 2022
    risk 0.53cvss 8.1epss 0.01

    When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network.…

  • CVE-2022-23934HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23933HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23932HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23931HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23930HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23929HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23928HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23927HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23926HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23925HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2022-23924HigMar 11, 2022
    risk 0.53cvss 8.2epss 0.01

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

  • CVE-2021-22498HigJan 19, 2021
    risk 0.53cvss 8.1epss 0.01

    XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited…

  • CVE-2019-6319HigJan 9, 2020
    risk 0.53cvss 8.1epss 0.01

    HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device…

  • CVE-2019-6320HigJan 9, 2020
    risk 0.53cvss 8.1epss 0.01

    Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device…

  • CVE-2019-11957HigJun 5, 2019
    risk 0.53cvss 8.1epss 0.05

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5355HigJun 5, 2019
    risk 0.53cvss 7.5epss 0.54

    A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2018-7123HigJun 5, 2019
    risk 0.53cvss 7.5epss 0.58

    A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2018-6491HigApr 24, 2018
    risk 0.53cvss 8.1epss 0.01

    Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.

Page 7 of 44