Microfocus

All CVEs

2,177 total · sorted by risk
  • CVE-2018-6491 · High · Apr 24, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    Local Escalation of Privilege vulnerability in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to allow Local Escalation of Privilege.

  • CVE-2018-6488 · High · Feb 22, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

  • CVE-2017-13989 · High · Sep 30, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

  • CVE-2015-0839 · High · Aug 2, 2017
    risk 0.53 · cvss 8.1 · epss 0.06

    The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.

  • CVE-2016-4390 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.

  • CVE-2016-4389 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.

  • CVE-2016-4388 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.

  • CVE-2016-4387 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.09

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.

  • CVE-2016-4377 · High · Aug 22, 2016
    risk 0.53 · cvss 8.1 · epss 0.07

    HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP…

  • CVE-2016-4362 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-4358 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.

  • CVE-2016-4357 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.

  • CVE-2016-2030 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.

  • CVE-2016-2028 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.

  • CVE-2016-2022 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.

  • CVE-2016-2021 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2020 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2019 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2017 · High · Jun 8, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2014 · High · May 7, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

  • CVE-2016-1993 · High · Mar 18, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2024-4690 · High · Oct 16, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

  • CVE-2024-8733 · High · Oct 2, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

  • CVE-2022-38754 · High · Dec 8, 2022
    risk 0.52 · cvss 8.0 · epss 0.01

    A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The…

  • CVE-2021-22528 · High · Sep 13, 2021
    risk 0.52 · cvss 8.0 · epss 0.01

    Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

  • CVE-2019-18909 · High · Nov 22, 2019
    risk 0.52 · cvss 8.0 · epss 0.02

    The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.

  • CVE-2018-5925 · High · Aug 13, 2018
    risk 0.52 · cvss 7.8 · epss 0.11

    A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

  • CVE-2016-3092 · High · Jul 4, 2016
    risk 0.52 · cvss 7.5 · epss 0.36

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long…

  • CVE-2016-4371 · High · Jun 19, 2016
    risk 0.52 · cvss 8.0 · epss 0.01

    HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,…

  • CVE-2016-1991 · High · Mar 16, 2016
    risk 0.52 · cvss 8.0 · epss 0.02

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.

  • CVE-2026-8632 · High · May 20, 2026
    risk 0.51 · cvss 7.8 · epss 0.01

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.

  • CVE-2026-2123 · High · Mar 31, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A security audit identified a privilege escalation vulnerability in Operations Agent (<= OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations. Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting…

  • CVE-2025-43019 · High · Jul 8, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.

  • CVE-2025-43026 · High · Jun 5, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

  • CVE-2025-1697 · High · Apr 18, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to…

  • CVE-2024-9419 · High · Oct 30, 2024
    risk 0.51 · cvss 7.8 · epss 0.01

    Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could…

  • CVE-2022-27540 · High · Jun 28, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential…

  • CVE-2023-6138 · High · Feb 14, 2024
    risk 0.51 · cvss 7.9 · epss 0.00

    A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.

  • CVE-2023-5739 · High · Oct 31, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

  • CVE-2023-5671 · High · Oct 25, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

  • CVE-2023-26300 · High · Oct 18, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.

  • CVE-2022-31646 · High · Jun 14, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31645 · High · Jun 14, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31644 · High · Jun 14, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31639 · High · Jun 13, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31638 · High · Jun 13, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31637 · High · Jun 13, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31636 · High · Jun 13, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2022-31635 · High · Jun 13, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

  • CVE-2023-26294 · High · Jun 12, 2023
    risk 0.51 · cvss 7.8 · epss 0.01

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
