CVE-2020-11853

Public exploit
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
Max CVSS
8.8
EPSS Score
81.91%
Published
2020-10-22
Updated
2022-11-16

CVE-2020-7209

Public exploit
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
Max CVSS
9.8
EPSS Score
97.20%
Published
2020-02-13
Updated
2022-01-01

CVE-2020-7200

Public exploit
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
Max CVSS
9.8
EPSS Score
61.91%
Published
2020-12-18
Updated
2021-03-25

CVE-2019-5736

Public exploit
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Max CVSS
9.3
EPSS Score
0.44%
Published
2019-02-11
Updated
2024-02-02

CVE-2017-12557

Public exploit
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
Max CVSS
10.0
EPSS Score
91.81%
Published
2018-02-15
Updated
2019-03-08

CVE-2017-12542

Public exploit
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
Max CVSS
10.0
EPSS Score
97.22%
Published
2018-02-15
Updated
2018-07-23

CVE-2017-5817

Public exploit
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
Max CVSS
10.0
EPSS Score
93.71%
Published
2018-02-15
Updated
2018-02-24

CVE-2017-5816

Public exploit
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
Max CVSS
10.0
EPSS Score
96.72%
Published
2018-02-15
Updated
2018-02-24

CVE-2017-2741

Public exploit
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
Max CVSS
10.0
EPSS Score
96.17%
Published
2018-01-23
Updated
2019-10-03

CVE-2016-2776

Public exploit
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Max CVSS
7.8
EPSS Score
97.29%
Published
2016-09-28
Updated
2019-12-27

CVE-2016-2004

Public exploit
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
Max CVSS
9.8
EPSS Score
12.55%
Published
2016-04-21
Updated
2019-07-12

CVE-2015-4000

Public exploit
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Max CVSS
4.3
EPSS Score
97.46%
Published
2015-05-21
Updated
2023-02-09

CVE-2014-2630

Public exploit
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
Max CVSS
4.4
EPSS Score
0.08%
Published
2014-08-12
Updated
2017-08-29

CVE-2014-2624

Public exploit
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
Max CVSS
10.0
EPSS Score
97.06%
Published
2014-09-11
Updated
2017-08-29

CVE-2014-2623

Public exploit
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
52.18%
Published
2014-07-18
Updated
2017-01-07

CVE-2013-6221

Public exploit
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
Max CVSS
10.0
EPSS Score
97.17%
Published
2014-06-18
Updated
2014-07-18

CVE-2013-6194

Public exploit
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
Max CVSS
10.0
EPSS Score
75.51%
Published
2014-01-04
Updated
2019-10-09

CVE-2013-4837

Public exploit
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
Max CVSS
10.0
EPSS Score
94.56%
Published
2013-11-04
Updated
2019-10-09

CVE-2013-4835

Public exploit
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
Max CVSS
7.5
EPSS Score
97.14%
Published
2013-11-04
Updated
2017-07-01

CVE-2013-4826

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.
Max CVSS
5.0
EPSS Score
1.85%
Published
2013-10-13
Updated
2019-10-09

CVE-2013-4824

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
Max CVSS
7.5
EPSS Score
95.13%
Published
2013-10-13
Updated
2019-10-09

CVE-2013-4823

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.
Max CVSS
5.0
EPSS Score
91.62%
Published
2013-10-13
Updated
2019-10-09

CVE-2013-4822

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
Max CVSS
10.0
EPSS Score
94.56%
Published
2013-10-13
Updated
2019-10-09

CVE-2013-4812

Public exploit
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.96%
Published
2013-09-16
Updated
2013-09-26

CVE-2013-4811

Public exploit
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.96%
Published
2013-09-16
Updated
2013-09-26
97 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!