System Management Homepage Security Vulnerabilities and Issues — System Management Homepage CVE List

Lucene search

HpSystem Management Homepage

13 matches found

CVE•added 2016/07/19 2:0 a.m.•1411 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary ...

8.1CVSS8AI score0.59195EPSS

CVE•added 2016/07/19 2:0 a.m.•325 views

CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traf...

8.1CVSS8AI score0.79786EPSS

CVE•added 2016/05/22 1:59 a.m.•267 views

CVE-2016-4543

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

9.8CVSS7.8AI score0.0522EPSS

CVE•added 2016/07/19 2:0 a.m.•254 views

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an a...

8.1CVSS6.8AI score0.28977EPSS

CVE•added 2016/03/18 10:59 a.m.•122 views

CVE-2016-1995

HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.7AI score0.16407EPSS

CVE•added 2016/03/18 10:59 a.m.•54 views

CVE-2016-1996

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

7.7CVSS7.5AI score0.00129EPSS

CVE•added 2016/03/18 10:59 a.m.•52 views

CVE-2016-1994

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.5CVSS6.4AI score0.00255EPSS

CVE•added 2016/10/28 9:59 p.m.•48 views

CVE-2016-4396

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

7.8CVSS7.7AI score0.01457EPSS

CVE•added 2016/10/28 9:59 p.m.•45 views

CVE-2016-4393

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

5.4CVSS5.9AI score0.00251EPSS

CVE•added 2016/10/28 9:59 p.m.•45 views

CVE-2016-4395

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

7.8CVSS7.7AI score0.01457EPSS

CVE•added 2016/10/28 9:59 p.m.•43 views

CVE-2016-4394

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.

6.5CVSS6.7AI score0.00485EPSS

CVE•added 2016/03/18 10:59 a.m.•41 views

CVE-2016-1993

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

8.1CVSS7.7AI score0.00309EPSS

CVE•added 2016/05/14 3:59 p.m.•39 views

CVE-2016-2015

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.

7.1CVSS6.7AI score0.00657EPSS