VYPR

Vendor CVEs

Microfocus

All CVEs

2,179 total · sorted by risk
  • CVE-2023-26294 · High · Jun 12, 2023
    risk 0.51 · cvss 7.8 · epss 0.01

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2022-43778 · High · Jun 12, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

  • CVE-2022-43777 · High · Jun 12, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

  • CVE-2022-27541 · High · Jun 12, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

  • CVE-2022-27539 · High · Jun 12, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

  • CVE-2019-16283 · High · Jun 9, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.

  • CVE-2022-38396 · High · Feb 12, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows…

  • CVE-2022-3990 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

  • CVE-2022-27537 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential…

  • CVE-2022-23455 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

  • CVE-2022-23454 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

  • CVE-2022-23453 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

  • CVE-2021-3809 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

  • CVE-2021-3808 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

  • CVE-2021-3439 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

  • CVE-2022-38395 · High · Dec 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.03

    HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance…

  • CVE-2022-1038 · High · Dec 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

  • CVE-2020-6922 · High · Feb 16, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.

  • CVE-2020-6921 · High · Feb 16, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.

  • CVE-2020-6919 · High · Feb 16, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.

  • CVE-2020-6918 · High · Feb 16, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.

  • CVE-2020-6917 · High · Feb 16, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.

  • CVE-2019-18912 · High · Nov 9, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution.

  • CVE-2019-18916 · High · Nov 9, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.

  • CVE-2020-6931 · High · Nov 3, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

  • CVE-2020-28416 · High · Nov 3, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.

  • CVE-2021-3440 · High · Nov 1, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.

  • CVE-2021-3438 · High · May 20, 2021
    risk 0.51 · cvss 7.8 · epss 0.03

    A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

  • CVE-2020-11861 · High · Sep 18, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.

  • CVE-2015-0949 · High · Jan 30, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to…

  • CVE-2019-6329 · High · Jun 25, 2019
    risk 0.51 · cvss 7.8 · epss 0.02

    HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.

  • CVE-2019-6328 · High · Jun 25, 2019
    risk 0.51 · cvss 7.8 · epss 0.01

    HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.

  • CVE-2016-4397 · High · Aug 6, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.

  • CVE-2017-3210 · High · Jul 24, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These…

  • CVE-2016-2246 · High · Dec 29, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.

  • CVE-2016-4386 · High · Sep 29, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.

  • CVE-2016-1990 · High · Mar 16, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.

  • CVE-2016-2243 · High · Mar 4, 2016
    risk 0.51 · cvss 7.9 · epss 0.00

    Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

  • CVE-2015-6859 · High · Jan 5, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.

  • CVE-2002-1796 · High · Dec 31, 2002
    risk 0.51 · cvss 7.8 · epss 0.00

    ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

  • CVE-1999-0022 · High · Jul 3, 1996
    risk 0.51 · cvss 7.8 · epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via expstr() function.

  • CVE-2024-28893 · High · May 1, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).

  • CVE-2017-3733 · High · May 4, 2017
    risk 0.50 · cvss 7.5 · epss 0.13

    During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

  • CVE-2016-5388 · High · Jul 19, 2016
    risk 0.50 · cvss 8.1 · epss 0.51

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…

  • CVE-2016-4447 · High · Jun 9, 2016
    risk 0.50 · cvss 7.5 · epss 0.14

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2016-1996 · High · Mar 18, 2016
    risk 0.50 · cvss 7.7 · epss 0.01

    HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2015-3200 · High · Jun 9, 2015
    risk 0.50 · cvss 7.5 · epss 0.10

    mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

  • CVE-2004-0079 · High · Nov 23, 2004
    risk 0.50 · cvss 7.5 · epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2026-39455 · High · May 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical…

  • CVE-2025-60805 · High · Oct 28, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in BESSystem BES Application Server through 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.
