CVE-2016-2015

CWE-200 — Information Exposure CWE-416 — Use After Free44 documents12 sources

Severity

7.1HIGH

EPSS

0.1%

top 67.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP System Management Homepage

Timeline

PublishedMay 14

Latest updateMay 17

Description

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

▶NVDhp/system_management_homepage7.5.4.3

🔴Vulnerability Details

GHSA

GHSA-54x6-hj78-x95f: HPE System Management Homepage before 7↗2022-05-17

▶

GHSA

Spoofing attack due to unvalidated KDC in node-krb5↗2020-09-01

▶

CVEList

CVE-2016-2015: HPE System Management Homepage before 7↗2016-05-14

▶

💥Exploits & PoCs

Exploit-DB

glibc - 'getaddrinfo' Remote Stack Buffer Overflow↗2016-09-06

▶

Exploit-DB

DropBearSSHD 2015.71 - Command Injection↗2016-03-03

▶

📋Vendor Advisories

Red Hat

salt: local_batch client external authentication not respected↗2017-01-20

▶

Red Hat

php: Use After Free in unserialize()↗2016-12-08

▶

🕵️Threat Intelligence

Fortinet

Zimbra Collaboration XSS Vulnerability: Be Careful If You're Using Zimbra Email↗2016-01-31

▶

Unit42

NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan↗2016-01-21

▶

💬Community

Bugzilla

CVE-2016-4472 expat: Undefined behavior and pointer overflows↗2016-06-09

▶

Bugzilla

CVE-2016-1181 struts: Vulnerability in ActionForm allows unintended remote operations against components on server memory↗2016-06-07

▶

Bugzilla

CVE-2015-7579 rubygem-rails-html-sanitizer: XSS vulnerability in Action View's strip_tags function↗2016-01-26

▶

Bugzilla

CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r↗2016-01-20

▶

Bugzilla

CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c↗2015-12-28

▶