Vulnerabilities > HP > System Management Homepage > 2.1.4.143
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-03-18 | CVE-2016-1996 | Security Bypass vulnerability in HP System Management Homepage HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. | 3.6 |
2016-03-18 | CVE-2016-1995 | Unspecified vulnerability in HP System Management Homepage HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2016-03-18 | CVE-2016-1994 | Information Exposure vulnerability in HP System Management Homepage HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |
2016-03-18 | CVE-2016-1993 | Unspecified vulnerability in HP System Management Homepage HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 5.5 |
2015-07-21 | CVE-2015-2134 | Cross-Site Request Forgery (CSRF) vulnerability in HP System Management Homepage Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2015-06-22 | CVE-2015-3237 | Improper Input Validation vulnerability in multiple products The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | 6.4 |
2015-06-09 | CVE-2015-4024 | Resource Management Errors vulnerability in multiple products Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. | 5.0 |
2015-04-24 | CVE-2015-3148 | Improper Access Control vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | 5.0 |
2015-04-24 | CVE-2015-3145 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | 7.5 |
2015-04-24 | CVE-2015-3143 | Permissions, Privileges, and Access Controls vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | 5.0 |