System Management Homepage
by Microfocus
CVEs (69)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3113 | Cri | 0.87 | 9.8 | 1.00 | KEV | Jun 23, 2015 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | |
| CVE-2015-8651 | Hig | 0.75 | 8.8 | 0.68 | KEV | Dec 28, 2015 | Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to… | |
| CVE-2016-4543 | Cri | 0.65 | 9.8 | 0.12 | May 22, 2016 | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via… | ||
| CVE-2016-1995 | Cri | 0.65 | 9.8 | 0.10 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2016-5387 | Hig | 0.57 | 8.1 | 0.56 | Jul 19, 2016 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP… | ||
| CVE-2016-5385 | Hig | 0.57 | 8.1 | 0.50 | Jul 19, 2016 | PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an… | ||
| CVE-2016-1993 | Hig | 0.53 | 8.1 | 0.02 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2016-5388 | Hig | 0.50 | 8.1 | 0.51 | Jul 19, 2016 | Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote… | ||
| CVE-2016-1996 | Hig | 0.50 | 7.7 | 0.01 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2016-4396 | Hig | 0.49 | 7.5 | 0.04 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | ||
| CVE-2016-4395 | Hig | 0.49 | 7.5 | 0.04 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | ||
| CVE-2016-2015 | Hig | 0.46 | 7.1 | 0.00 | May 14, 2016 | HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2016-4394 | Med | 0.42 | 6.5 | 0.03 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | ||
| CVE-2016-1994 | Med | 0.42 | 6.5 | 0.02 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-4393 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | ||
| CVE-2013-3576 | 0.08 | — | 0.67 | Jun 14, 2013 | ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||
| CVE-2015-4024 | 0.04 | — | 0.50 | Jun 9, 2015 | Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an… | |||
| CVE-2010-1586 | 0.04 | — | 0.10 | Apr 28, 2010 | Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. | |||
| CVE-2015-3145 | 0.03 | — | 0.38 | Apr 24, 2015 | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing… | |||
| CVE-2015-3237 | 0.01 | — | 0.09 | Jun 22, 2015 | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. |
- risk 0.87cvss 9.8epss 1.00
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
- risk 0.75cvss 8.8epss 0.68
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to…
- risk 0.65cvss 9.8epss 0.12
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via…
- risk 0.65cvss 9.8epss 0.10
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.57cvss 8.1epss 0.56
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP…
- risk 0.57cvss 8.1epss 0.50
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an…
- risk 0.53cvss 8.1epss 0.02
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
- risk 0.50cvss 8.1epss 0.51
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…
- risk 0.50cvss 7.7epss 0.01
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
- risk 0.49cvss 7.5epss 0.04
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
- risk 0.49cvss 7.5epss 0.04
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
- risk 0.46cvss 7.1epss 0.00
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
- risk 0.42cvss 6.5epss 0.03
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.
- risk 0.42cvss 6.5epss 0.02
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.
- CVE-2013-3576Jun 14, 2013risk 0.08cvss —epss 0.67
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
- CVE-2015-4024Jun 9, 2015risk 0.04cvss —epss 0.50
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an…
- CVE-2010-1586Apr 28, 2010risk 0.04cvss —epss 0.10
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
- CVE-2015-3145Apr 24, 2015risk 0.03cvss —epss 0.38
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing…
- CVE-2015-3237Jun 22, 2015risk 0.01cvss —epss 0.09
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Page 1 of 4