Filtered by vendor Hp
Subscriptions
Total
2433 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 16 Debian Linux, Drupal, Fedora and 13 more | 2024-08-06 | 8.1 High |
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | ||||
CVE-2016-4543 | 5 Fedoraproject, Hp, Opensuse and 2 more | 5 Fedora, System Management Homepage, Leap and 2 more | 2024-08-06 | N/A |
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | ||||
CVE-2016-4447 | 9 Apple, Canonical, Debian and 6 more | 14 Iphone Os, Itunes, Mac Os X and 11 more | 2024-08-06 | N/A |
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | ||||
CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 22 Icloud, Iphone Os, Itunes and 19 more | 2024-08-06 | 9.8 Critical |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | ||||
CVE-2016-4389 | 1 Hp | 1 Keyview | 2024-08-06 | N/A |
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. | ||||
CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2024-08-06 | N/A |
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | ||||
CVE-2016-4391 | 1 Hp | 1 Arcsight Winc Connector | 2024-08-06 | N/A |
A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | ||||
CVE-2016-4375 | 1 Hp | 5 Integrated Lights-out 3, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 and 2 more | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | ||||
CVE-2016-4390 | 1 Hp | 1 Keyview | 2024-08-06 | N/A |
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. | ||||
CVE-2016-4403 | 1 Hp | 1 Keyview | 2024-08-06 | N/A |
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption. | ||||
CVE-2016-4381 | 1 Hp | 1 Xp7 Command View | 2024-08-06 | N/A |
HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2016-4386 | 1 Hp | 1 Network Automation | 2024-08-06 | N/A |
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | ||||
CVE-2016-4393 | 1 Hp | 1 System Management Homepage | 2024-08-06 | N/A |
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | ||||
CVE-2016-4383 | 1 Hp | 1 Helion Openstack Glance | 2024-08-06 | N/A |
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | ||||
CVE-2016-4404 | 1 Hp | 1 Keyview | 2024-08-06 | N/A |
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue. | ||||
CVE-2016-4398 | 1 Hp | 1 Network Node Manager I | 2024-08-06 | N/A |
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | ||||
CVE-2016-4396 | 1 Hp | 1 System Management Homepage | 2024-08-06 | N/A |
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | ||||
CVE-2016-4368 | 1 Hp | 3 Universal Cmbd Configuration Manager, Universal Cmbd Foundation, Universal Discovery | 2024-08-06 | N/A |
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
CVE-2016-4378 | 1 Hp | 2 Xp7 Command View, Xp 9000 Command View | 2024-08-06 | N/A |
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2016-4372 | 1 Hp | 6 Intelligent Management Center Application Performance Manager, Intelligent Management Center Branch Intelligent Management System, Intelligent Management Center Endpoint Admission Defense and 3 more | 2024-08-06 | N/A |
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. |