Skip to main content

System Management Homepage

46 CVEs product

Monthly

CVE-2023-50271 HIGH This Week

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2016-4396 HIGH This Week

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow System Management Homepage
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-4395 HIGH This Week

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow System Management Homepage
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-4394 MEDIUM This Month

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-4393 MEDIUM This Month

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS System Management Homepage
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5388 Maven HIGH PATCH Act Now

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 36.8%.

Apache Tomcat Authentication Bypass Enterprise Linux Desktop Enterprise Linux Hpc Node +8
NVD
CVSS 3.0
8.1
EPSS
36.8%
CVE-2016-5387 HIGH PATCH Act Now

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.3%.

Information Disclosure Apache Http Server System Management Homepage Communications User Data Repository +18
NVD
CVSS 3.1
8.1
EPSS
60.3%
CVE-2016-5385 PHP HIGH POC PATCH THREAT Act Now

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 81.3%.

Open Redirect PHP Communications User Data Repository Enterprise Manager Ops Center Linux +9
NVD GitHub
CVSS 3.1
8.1
EPSS
81.3%
Threat
5.6
CVE-2016-4543 CRITICAL POC PATCH Act Now

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow System Management Homepage Fedora +1
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2016-2015 HIGH This Week

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-1996 HIGH PATCH This Week

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
7.7
EPSS
0.1%
CVE-2016-1995 CRITICAL PATCH Act Now

HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.4%.

RCE System Management Homepage
NVD
CVSS 3.0
9.8
EPSS
16.4%
CVE-2016-1994 MEDIUM PATCH This Month

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-1993 HIGH PATCH This Week

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2015-2134 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-3237 MEDIUM PATCH This Month

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Curl Libcurl System Management Homepage +2
NVD
CVSS 2.0
6.4
EPSS
5.1%
CVE-2015-4024 MEDIUM POC PATCH THREAT This Month

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Denial Of Service PHP Enterprise Linux Mac Os X System Management Homepage +8
NVD
CVSS 2.0
5.0
EPSS
75.5%
Threat
4.8
CVE-2015-3148 MEDIUM This Month

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Ubuntu Linux Debian Linux Mac Os X +4
NVD
CVSS 2.0
5.0
EPSS
1.7%
CVE-2015-3145 HIGH Act Now

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.7% and no vendor patch available.

Denial Of Service Buffer Overflow Fedora Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
7.5
EPSS
63.7%
CVE-2015-3143 MEDIUM This Month

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Curl Ubuntu Linux Debian Linux Libcurl +2
NVD
CVSS 2.0
5.0
EPSS
3.5%
CVE-2014-7874 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage Hp Ux
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-2642 MEDIUM This Month

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure System Management Homepage
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2641 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-2640 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP System Management Homepage
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2013-6188 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF System Management Homepage
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4846 MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure System Management Homepage
NVD VulDB
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-4821 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-2364 LOW Monitor

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2363 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-2362 LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2361 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2360 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2359 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2358 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2357 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2356 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-2355 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5217 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-3576 CRITICAL POC THREAT Emergency

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.3%.

PHP Command Injection HP System Management Homepage
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
46.3%
Threat
4.7
CVE-2012-2016 MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-2015 CRITICAL PATCH Act Now

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2012-2014 CRITICAL PATCH Act Now

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2012-2013 HIGH PATCH This Week

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2012-2012 CRITICAL PATCH Act Now

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
10.0
EPSS
4.5%
CVE-2012-1993 LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2012-0135 LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
3.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow System Management Homepage
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow System Management Homepage
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Management Homepage
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS System Management Homepage
NVD
EPSS 37% CVSS 8.1
HIGH PATCH Act Now

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 36.8%.

Apache Tomcat Authentication Bypass +10
NVD
EPSS 60% CVSS 8.1
HIGH PATCH Act Now

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.3%.

Information Disclosure Apache Http Server +20
NVD
EPSS 81% 5.6 CVSS 8.1
HIGH POC PATCH THREAT Act Now

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 81.3%.

Open Redirect PHP Communications User Data Repository +11
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Management Homepage
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure System Management Homepage
NVD
EPSS 16% CVSS 9.8
CRITICAL PATCH Act Now

HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.4%.

RCE System Management Homepage
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure System Management Homepage
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure System Management Homepage
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
EPSS 5% CVSS 6.4
MEDIUM PATCH This Month

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Curl +4
NVD
EPSS 76% 4.8 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Denial Of Service PHP Enterprise Linux +10
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Ubuntu Linux +6
NVD
EPSS 64% CVSS 7.5
HIGH Act Now

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.7% and no vendor patch available.

Denial Of Service Buffer Overflow Fedora +8
NVD
EPSS 3% CVSS 5.0
MEDIUM This Month

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Curl Ubuntu Linux +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure System Management Homepage
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP System Management Homepage
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF System Management Homepage
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure System Management Homepage
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
EPSS 46% 4.7 CVSS 9.0
CRITICAL POC THREAT Emergency

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.3%.

PHP Command Injection HP +1
NVD Exploit-DB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure HP System Management Homepage
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service HP System Management Homepage
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy