Filtered by vendor Microfocus
Subscriptions
Total
221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2024-02-02 | 8.6 High |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | ||||
| CVE-2020-25835 | 1 Microfocus | 1 Arcsight Management Center | 2023-12-12 | 5.4 Medium |
| A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). | ||||
| CVE-2023-32268 | 1 Microfocus | 1 Filr | 2023-12-12 | 7.2 High |
| Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. | ||||
| CVE-2023-5913 | 1 Microfocus | 1 Fortify Scancentral Dast | 2023-11-16 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. | ||||
| CVE-2023-4964 | 1 Microfocus | 2 Asset Management X, Service Management Automation X | 2023-11-08 | 6.1 Medium |
| Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. | ||||
| CVE-2023-24470 | 1 Microfocus | 1 Arcsight Logger | 2023-11-07 | 9.1 Critical |
| Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. | ||||
| CVE-2023-24469 | 1 Microfocus | 1 Arcsight Logger | 2023-11-07 | 6.1 Medium |
| Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 | ||||
| CVE-2022-38757 | 1 Microfocus | 1 Zenworks | 2023-11-07 | 7.2 High |
| A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator. | ||||
| CVE-2022-38756 | 1 Microfocus | 1 Groupwise | 2023-11-07 | 4.3 Medium |
| A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies. | ||||
| CVE-2022-38755 | 1 Microfocus | 1 Filr | 2023-11-07 | 5.3 Medium |
| A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. | ||||
| CVE-2022-38754 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2023-11-07 | 5.4 Medium |
| A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11. | ||||
| CVE-2022-38753 | 1 Microfocus | 1 Netiq Advanced Authentication | 2023-11-07 | 6.3 Medium |
| This update resolves a multi-factor authentication bypass attack | ||||
| CVE-2022-26331 | 1 Microfocus | 1 Arcsight Logger | 2023-11-07 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. | ||||
| CVE-2022-26330 | 1 Microfocus | 1 Arcsight Logger | 2023-11-07 | 7.5 High |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. | ||||
| CVE-2022-26326 | 1 Microfocus | 1 Netiq Access Manager | 2023-11-07 | 6.1 Medium |
| Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 | ||||
| CVE-2022-26325 | 1 Microfocus | 1 Netiq Access Manager | 2023-11-07 | 6.1 Medium |
| Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 | ||||
| CVE-2021-38130 | 1 Microfocus | 1 Voltage Securemail | 2023-11-07 | 6.5 Medium |
| A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. | ||||
| CVE-2021-38129 | 1 Microfocus | 1 Operations Agent | 2023-11-07 | 3.3 Low |
| Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. | ||||
| CVE-2021-38127 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2023-11-07 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2021-38126 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2023-11-07 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||