"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
Max CVSS
7.5
EPSS Score
95.32%
Published
2019-01-16
Updated
2022-04-12

CVE-2016-2776

Public exploit
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Max CVSS
7.8
EPSS Score
97.29%
Published
2016-09-28
Updated
2019-12-27
Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-07-06
Updated
2016-12-28
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
Max CVSS
8.5
EPSS Score
0.35%
Published
2014-12-10
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.19%
Published
2014-10-19
Updated
2017-09-08
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Max CVSS
9.3
EPSS Score
2.04%
Published
2014-07-17
Updated
2022-05-13
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.
Max CVSS
6.2
EPSS Score
0.04%
Published
2014-03-11
Updated
2019-10-09
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Max CVSS
7.8
EPSS Score
95.80%
Published
2013-07-29
Updated
2019-04-22
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
3.79%
Published
2012-04-05
Updated
2017-09-19
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2011-07-11
Updated
2017-09-19
Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors.
Max CVSS
6.8
EPSS Score
1.06%
Published
2011-04-15
Updated
2017-08-17
HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.88%
Published
2010-12-08
Updated
2017-09-19
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2010-08-30
Updated
2017-09-19
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-09-24
Updated
2017-09-19
Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.
Max CVSS
7.8
EPSS Score
3.27%
Published
2009-10-05
Updated
2017-09-19
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.
Max CVSS
6.0
EPSS Score
0.04%
Published
2009-04-29
Updated
2017-09-29
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
Max CVSS
9.3
EPSS Score
13.34%
Published
2009-02-04
Updated
2017-09-29
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2009-03-25
Updated
2017-09-29
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
Max CVSS
7.8
EPSS Score
3.42%
Published
2008-12-11
Updated
2011-03-08
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
Max CVSS
10.0
EPSS Score
1.36%
Published
2008-08-13
Updated
2017-09-29
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
Max CVSS
7.8
EPSS Score
4.25%
Published
2008-08-08
Updated
2017-09-29
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
Max CVSS
10.0
EPSS Score
2.38%
Published
2008-08-01
Updated
2017-09-29
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
Max CVSS
6.3
EPSS Score
0.04%
Published
2008-05-21
Updated
2017-09-29
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
Max CVSS
6.8
EPSS Score
1.02%
Published
2008-05-13
Updated
2017-09-29
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
Max CVSS
10.0
EPSS Score
4.09%
Published
2008-01-23
Updated
2018-10-15
167 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!