Filtered by vendor Microfocus
Subscribe
Total
237 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11666 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | |||||
| CVE-2019-11664 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
| CVE-2019-11665 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
| CVE-2018-19641 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2019-11649 | 1 Microfocus | 1 Fortify Software Security Center | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser. | |||||
| CVE-2019-11647 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. | |||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | |||||
| CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | |||||
| CVE-2018-12469 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | |||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting vulnerability in iManager prior to 3.1 SP2. | |||||
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | |||||
| CVE-2018-18589 | 1 Microfocus | 1 Real User Monitoring | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | |||||
| CVE-2018-7691 | 1 Microfocus | 1 Fortify Software Security Center | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2009-5153 | 1 Microfocus | 1 Netware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | |||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2024-02-28 | 9.3 HIGH | 8.6 HIGH |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
| CVE-2018-19645 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-7690 | 1 Microfocus | 1 Fortify Software Security Center | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2019-3474 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||||
| CVE-2018-12468 | 1 Microfocus | 1 Groupwise | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | |||||
| CVE-2018-6499 | 1 Microfocus | 9 Autopass License Server, Data Center Automation, Hybrid Cloud Management and 6 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | |||||