CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1994
https://notcve.org/view.php?id=CVE-2016-1994
18 Mar 2016 — HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. HPE System Management Homepage en versiones anteriores a 7.5.4 permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www.securitytracker.com/id/1035325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1993
https://notcve.org/view.php?id=CVE-2016-1993
18 Mar 2016 — HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. HPE System Management Homepage en versiones anteriores a 7.5.4 permite a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores no especificados. • http://www.securitytracker.com/id/1035325 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1995
https://notcve.org/view.php?id=CVE-2016-1995
18 Mar 2016 — HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. HPE System Management Homepage en versiones anteriores a 7.5.4 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.securitytracker.com/id/1035325 •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1996
https://notcve.org/view.php?id=CVE-2016-1996
18 Mar 2016 — HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. HPE System Management Homepage en versiones anteriores a 7.5.4 permite a usuarios locales obtener información sensible o modificar datos a través de vectores no especificados. • http://www.securitytracker.com/id/1035325 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2134 – HP Security Bulletin HPSBMU03380 1
https://notcve.org/view.php?id=CVE-2015-2134
21 Jul 2015 — Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de Cross-site request forgery (CSRF) en HP System Management Homepage (SMH) en sus versiones anteriores a la 7.5.0 permite a usuarios remotos autenticados secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. Multiple potential security vulnerabilities... • http://marc.info/?l=bugtraq&m=144050155601375&w=2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 42%CPEs: 22EXPL: 2CVE-2015-3113 – Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2015-3113
23 Jun 2015 — Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player anterior a 13.0.0.296 y 14.x hasta 18.x anterior a 18.0.0.194 en Windows y OS X y anterior a 11.2.202.468 en Linux permite a atacantes remotos ejecutar código arbit... • https://packetstorm.news/files/id/132525 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 14EXPL: 0CVE-2015-3237 – Gentoo Linux Security Advisory 201509-02
https://notcve.org/view.php?id=CVE-2015-3237
22 Jun 2015 — The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. La función smb_request_state en cURL y libcurl 7.40.0 hasta 7.42.1 permite a servidores SMB remotos obtener información sensible de la memoria o causar una denegación de servicio (lectura fuera de rango y caída) a través de valores de longitud y desplazamiento manipulado... • http://curl.haxx.se/docs/adv_20150617B.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 33%CPEs: 65EXPL: 1CVE-2015-4024 – php: multipart/form-data request parsing CPU usage DoS
https://notcve.org/view.php?id=CVE-2015-4024
09 Jun 2015 — Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Vulnerabilidad de complejidad algorítmica en la función multipart_buffer_headers en main/rfc1867.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permiten a atacantes remotos ca... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 4%CPEs: 159EXPL: 0CVE-2015-3148 – curl: Negotiate not treated as connection-oriented
https://notcve.org/view.php?id=CVE-2015-3148
22 Apr 2015 — cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. cURL y libcurl 7.10.6 hasta la versión 7.41.0 no reutiliza adecuadamente la conexiones Negotiate autenticadas, lo que permite a atacantes remotos conectarse como otros usuarios a través de una solicitud. It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application... • http://advisories.mageia.org/MGASA-2015-0179.html • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 75%CPEs: 41EXPL: 1CVE-2015-3145 – Gentoo Linux Security Advisory 201509-02
https://notcve.org/view.php?id=CVE-2015-3145
22 Apr 2015 — The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. La función sanitize_cookie_path en cURL y libcurl 7.31.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango y ca... • https://github.com/serz999/CVE-2015-3145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •