CVE-2017-12546 – HPE Security Bulletin HPESBMU03753 1
https://notcve.org/view.php?id=CVE-2017-12546
03 Oct 2017 — A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found. Several potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Cross-site scripting, local and remote... • http://www.securityfocus.com/bid/101029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4396 – Hewlett Packard Enterprise System Management Homepage SSO TKN Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4396
27 Oct 2016 — HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Manage... • http://www.securityfocus.com/bid/93961 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4394 – HP Security Bulletin HPSBMU03691 1
https://notcve.org/view.php?id=CVE-2016-4394
27 Oct 2016 — HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. Several potential security vulnerabilities have been identified in HPE Insight Control. The vulnerabilities could be exploited remotely resulting in remote denial ... • http://www.securityfocus.com/bid/93961 • CWE-254: 7PK - Security Features
CVE-2016-4395 – Hewlett Packard Enterprise System Management Homepage SetSMHData Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4395
27 Oct 2016 — HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Manage... • http://www.securityfocus.com/bid/93961 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4393 – HP Security Bulletin HPSBMU03691 1
https://notcve.org/view.php?id=CVE-2016-4393
27 Oct 2016 — HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. Several potential security vulnerabilities have been identified in HPE Insight Control. The vulnerabilities could be exploited remotel... • http://www.securityfocus.com/bid/93961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-5388 – Tomcat: CGI sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5388
19 Jul 2016 — Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html • CWE-20: Improper Input Validation • CWE-284: Improper Access Control
CVE-2016-5385 – PHP: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5385
19 Jul 2016 — PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issu... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html • CWE-20: Improper Input Validation • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-5387 – HTTPD: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5387
18 Jul 2016 — The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID fo... • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html • CWE-20: Improper Input Validation
CVE-2016-4543 – php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
https://notcve.org/view.php?id=CVE-2016-4543
22 May 2016 — The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read
CVE-2016-2015 – HP Security Bulletin HPSBMU03612 1
https://notcve.org/view.php?id=CVE-2016-2015
14 May 2016 — HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cr... • http://www.securitytracker.com/id/1035775 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor