HP : Security Vulnerabilities, CVEs, CVSS score between 4 and 4.99

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

HP-UX gwind program allows users to modify arbitrary files.

Vulnerability in HP-UX mediainit program.

Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.

ftp on HP-UX 11.00 allows local users to gain privileges.

Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.

Local users can gain privileges using the debug utility in the MPE/iX operating system.

HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges.

HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.

Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.

Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.

Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.