CVE-2015-4000
Public exploit
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Max CVSS
4.3
EPSS Score
97.46%
Published
2015-05-21
Updated
2023-02-09
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2014-10-30
Updated
2017-09-08
Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.
Max CVSS
4.3
EPSS Score
0.31%
Published
2014-03-14
Updated
2019-10-09
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.
Max CVSS
3.3
EPSS Score
0.04%
Published
2012-03-28
Updated
2017-12-06
Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.
Max CVSS
4.4
EPSS Score
0.04%
Published
2011-04-04
Updated
2011-04-21
Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-04-21
Updated
2017-09-19
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
Max CVSS
4.4
EPSS Score
0.04%
Published
2010-03-31
Updated
2017-09-19
The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.
Max CVSS
4.0
EPSS Score
0.50%
Published
2010-03-29
Updated
2017-09-19
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-12-05
Updated
2017-09-29
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-10-18
Updated
2022-10-24
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.18%
Published
2007-10-09
Updated
2017-09-29
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.
Max CVSS
3.3
EPSS Score
0.04%
Published
2007-08-29
Updated
2018-10-30
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-04-12
Updated
2017-10-11
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-02-14
Updated
2017-10-11
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-01-19
Updated
2018-10-16
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-10-27
Updated
2017-10-19
Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-10-27
Updated
2017-10-19
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
Max CVSS
4.6
EPSS Score
0.06%
Published
2006-10-23
Updated
2018-10-17
Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-09-15
Updated
2018-10-17
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.
Max CVSS
4.6
EPSS Score
0.06%
Published
2006-09-14
Updated
2018-10-17
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-08-17
Updated
2018-10-17
Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
Max CVSS
4.9
EPSS Score
0.06%
Published
2006-06-23
Updated
2018-10-18
Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
Max CVSS
4.9
EPSS Score
0.09%
Published
2006-06-20
Updated
2018-10-18
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-05-23
Updated
2018-10-18
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.
Max CVSS
4.9
EPSS Score
0.06%
Published
2006-03-30
Updated
2017-10-11