U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:hp:system_management_homepage:2.1.3.132
There are 68 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2016-1996

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

Published: March 18, 2016; 6:59:05 AM -0400
V3.0: 7.7 HIGH
V2.0: 3.6 LOW
CVE-2016-1995

HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: March 18, 2016; 6:59:04 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-1994

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Published: March 18, 2016; 6:59:02 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1993

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

Published: March 18, 2016; 6:59:01 AM -0400
V3.0: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2015-2134

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Published: July 21, 2015; 3:59:01 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2015-3237

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

Published: June 22, 2015; 3:59:04 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

Published: June 09, 2015; 2:59:06 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Published: April 24, 2015; 10:59:11 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Published: April 24, 2015; 10:59:10 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-3143

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

Published: April 24, 2015; 10:59:08 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-7874

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: October 18, 2014; 9:55:21 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-2642

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

Published: October 01, 2014; 8:55:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-2641

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Published: October 01, 2014; 8:55:03 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2014-2640

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 01, 2014; 8:55:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-4846

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-4821

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors.

Published: September 23, 2013; 6:18:59 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-2364

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: July 22, 2013; 7:19:36 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-2363

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.

Published: July 22, 2013; 7:19:36 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-2362

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.

Published: July 22, 2013; 7:19:36 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2361

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 22, 2013; 7:19:36 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM