14 results (0.004 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. Una vulnerabilidad de escalada de privilegios en Micro Focus en Micro Focus Operations Agent, afectando a versiones 12.x hasta 12.21 incluyéndola. La vulnerabilidad podría ser aprovechada por un usuario local no privilegiado para acceder a los datos de supervisión del sistema recopilados por Operations Agent • https://portal.microfocus.com/s/article/KM000003539?language=en_US •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent. Una vulnerabilidad de escalada de privilegios en Micro Focus Operations Agent afecta a versiones 12.0x, 12.10, 12.11, 12.12, 12.14 y 12.15. La vulnerabilidad podría ser explotada para escalar privilegios y ejecutar código bajo la cuenta del Operations Agent • https://softwaresupport.softwaregrp.com/doc/KM03792442 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. Una vulnerabilidad de escalada de privilegios local no autorizada en Micro Focus Operation Agent, que afecta a todas las versiones anteriores a la versión 12.11. La vulnerabilidad podría ser explotada para escalar los privilegios locales y conseguir acceso root en el sistema • https://softwaresupport.softwaregrp.com/doc/KM03709900 •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent. Una vulnerabilidad de ataque XXE en Micro Focus Operations Agent, versiones afectada 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. La vulnerabilidad podría ser explotada para llevar a cabo un ataque de tipo XXE sobre Operations Agent. • https://softwaresupport.softwaregrp.com/doc/KM03556426 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. Durante un protocolo de enlace de renegociación, si la extensión Encrypt-Then-Mac es negociada cuando no estaba en el protocolo de enlace original (o viceversa), se podría provocar el cierre inesperado de OpenSSL (dependiente de una suite de cifrado) en versiones 1.1.0 anteriores a la 1.1.0e. Tanto los clientes como los servidores se ven afectados. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/96269 http://www.securitytracker.com/id/1037846 https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us https://www.openssl.org/news/secadv/20170216.txt https://www.oracle.com/technetwork/security-advisory& • CWE-20: Improper Input Validation •