Vendor CVEs
Microfocus
All CVEs
2,179 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-26294 | | High | 0.51 | 7.8 | 0.01 | | Jun 12, 2023 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. |
| CVE-2022-43778 | | High | 0.51 | 7.8 | 0.00 | | Jun 12, 2023 | Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| CVE-2022-43777 | | High | 0.51 | 7.8 | 0.00 | | Jun 12, 2023 | Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| CVE-2022-27541 | | High | 0.51 | 7.8 | 0.00 | | Jun 12, 2023 | Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| CVE-2022-27539 | | High | 0.51 | 7.8 | 0.00 | | Jun 12, 2023 | Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| CVE-2019-16283 | | High | 0.51 | 7.8 | 0.00 | | Jun 9, 2023 | A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. |
| CVE-2022-38396 | | High | 0.51 | 7.8 | 0.00 | | Feb 12, 2023 | HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows… |
| CVE-2022-3990 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. |
| CVE-2022-27537 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential… |
| CVE-2022-23455 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. |
| CVE-2022-23454 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. |
| CVE-2022-23453 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. |
| CVE-2021-3809 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. |
| CVE-2021-3808 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. |
| CVE-2021-3439 | | High | 0.51 | 7.8 | 0.00 | | Feb 1, 2023 | HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. |
| CVE-2022-38395 | | High | 0.51 | 7.8 | 0.03 | | Dec 12, 2022 | HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance… |
| CVE-2022-1038 | | High | 0.51 | 7.8 | 0.00 | | Dec 12, 2022 | A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. |
| CVE-2020-6922 | | High | 0.51 | 7.8 | 0.01 | | Feb 16, 2022 | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| CVE-2020-6921 | | High | 0.51 | 7.8 | 0.01 | | Feb 16, 2022 | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| CVE-2020-6919 | | High | 0.51 | 7.8 | 0.01 | | Feb 16, 2022 | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| CVE-2020-6918 | | High | 0.51 | 7.8 | 0.01 | | Feb 16, 2022 | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| CVE-2020-6917 | | High | 0.51 | 7.8 | 0.01 | | Feb 16, 2022 | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| CVE-2019-18912 | | High | 0.51 | 7.8 | 0.00 | | Nov 9, 2021 | A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution. |
| CVE-2019-18916 | | High | 0.51 | 7.8 | 0.00 | | Nov 9, 2021 | A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. |
| CVE-2020-6931 | | High | 0.51 | 7.8 | 0.00 | | Nov 3, 2021 | HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege. |
| CVE-2020-28416 | | High | 0.51 | 7.8 | 0.00 | | Nov 3, 2021 | HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. |
| CVE-2021-3440 | | High | 0.51 | 7.8 | 0.00 | | Nov 1, 2021 | HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. |
| CVE-2021-3438 | | High | 0.51 | 7.8 | 0.03 | | May 20, 2021 | A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. |
| CVE-2020-11861 | | High | 0.51 | 7.8 | 0.00 | | Sep 18, 2020 | Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. |
| CVE-2015-0949 | | High | 0.51 | 7.8 | 0.00 | | Jan 30, 2020 | The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to… |
| CVE-2019-6329 | | High | 0.51 | 7.8 | 0.02 | | Jun 25, 2019 | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. |
| CVE-2019-6328 | | High | 0.51 | 7.8 | 0.01 | | Jun 25, 2019 | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. |
| CVE-2016-4397 | | High | 0.51 | 7.8 | 0.01 | | Aug 6, 2018 | A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. |
| CVE-2017-3210 | | High | 0.51 | 7.8 | 0.01 | | Jul 24, 2018 | Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These… |
| CVE-2016-2246 | | High | 0.51 | 7.8 | 0.01 | | Dec 29, 2016 | HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. |
| CVE-2016-4386 | | High | 0.51 | 7.8 | 0.01 | | Sep 29, 2016 | HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. |
| CVE-2016-1990 | | High | 0.51 | 7.8 | 0.00 | | Mar 16, 2016 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. |
| CVE-2016-2243 | | High | 0.51 | 7.9 | 0.00 | | Mar 4, 2016 | Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. |
| CVE-2015-6859 | | High | 0.51 | 7.8 | 0.00 | | Jan 5, 2016 | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. |
| CVE-2002-1796 | | High | 0.51 | 7.8 | 0.00 | | Dec 31, 2002 | ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. |
| CVE-1999-0022 | | High | 0.51 | 7.8 | 0.01 | | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| CVE-2024-28893 | | High | 0.50 | 7.7 | 0.00 | | May 1, 2024 | Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). |
| CVE-2017-3733 | | High | 0.50 | 7.5 | 0.13 | | May 4, 2017 | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. |
| CVE-2016-5388 | | High | 0.50 | 8.1 | 0.51 | | Jul 19, 2016 | Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote… |
| CVE-2016-4447 | | High | 0.50 | 7.5 | 0.14 | | Jun 9, 2016 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. |
| CVE-2016-1996 | | High | 0.50 | 7.7 | 0.01 | | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. |
| CVE-2015-3200 | | High | 0.50 | 7.5 | 0.10 | | Jun 9, 2015 | mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. |
| CVE-2004-0079 | | High | 0.50 | 7.5 | 0.10 | | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. |
| CVE-2026-39455 | | High | 0.49 | 7.5 | 0.00 | | May 13, 2026 | When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical… |
| CVE-2025-60805 | | High | 0.49 | 7.5 | 0.00 | | Oct 28, 2025 | An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml. |
Page 9 of 44