Microfocus: Security Vulnerabilities
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVSS Score
6.5
EPSS Score
0.034
Published
2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVSS Score
7.8
EPSS Score
0.015
Published
2019-02-20
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-02-12
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
CVSS Score
8.6
EPSS Score
0.556
Published
2019-02-11
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVSS Score
6.5
EPSS Score
0.074
Published
2018-12-13
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVSS Score
6.5
EPSS Score
0.074
Published
2018-12-13
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-12
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
CVSS Score
7.5
EPSS Score
0.002
Published
2018-12-12
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-12
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.
CVSS Score
9.8
EPSS Score
0.103
Published
2018-11-21