CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2013-6402 59 2014-01-05 2014-03-05
2.1
None Local Low Not required None Partial None
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
2 CVE-2013-6216 +Priv 2014-04-12 2014-04-14
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors.
3 CVE-2013-4820 +Info 2013-09-23 2013-09-25
2.1
None Remote High Single system Partial None None
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.
4 CVE-2013-2362 DoS 2013-07-22 2013-07-22
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.
5 CVE-2012-6108 264 2014-02-15 2014-02-21
2.1
None Local Low Not required None None Partial
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.
6 CVE-2012-3276 16 DoS 2012-12-13 2012-12-17
2.1
None Local Low Not required None None Partial
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.
7 CVE-2011-0279 287 2011-03-07 2011-03-17
2.1
None Local Low Not required Partial None None
HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication.
8 CVE-2010-2612 200 +Info 2010-07-02 2010-07-02
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 and 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.
9 CVE-2008-5417 264 Bypass 2008-12-10 2011-01-05
2.1
None Local Low Not required None Partial None
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services.
10 CVE-2008-3902 200 +Info 2008-09-03 2009-01-29
2.1
None Local Low Not required Partial None None
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104.
11 CVE-2008-3539 200 +Info 2008-09-10 2009-01-29
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors.
12 CVE-2007-4931 2007-09-18 2008-11-15
2.1
None Local Low Not required None Partial None
HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL.
13 CVE-2007-0805 +Info 2007-02-07 2008-11-15
2.1
None Local Low Not required Partial None None
The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587.
14 CVE-2006-4820 DoS 2006-09-15 2009-03-04
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
15 CVE-2006-4187 DoS 2006-08-16 2009-03-04
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.
16 CVE-2006-2551 DoS 2006-05-23 2009-03-04
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.
17 CVE-2005-3476 DoS 2005-11-02 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service.
18 CVE-2005-3295 DoS 2005-10-23 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
19 CVE-2005-2076 2005-06-29 2008-09-05
2.1
None Local Low Not required Partial None None
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.
20 CVE-2005-0719 DoS 2005-03-09 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd.
21 CVE-2005-0652 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.
22 CVE-2004-1857 Dir. Trav. 2004-03-24 2008-09-05
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
23 CVE-2004-1713 2004-08-10 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.
24 CVE-2003-1099 DoS Exec Code 2003-12-31 2009-03-04
2.1
None Local Low Not required None None Partial
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
25 CVE-2002-1668 DoS 2002-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file.
26 CVE-2002-1610 DoS 2002-08-30 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.
27 CVE-2002-1409 DoS 2003-04-11 2009-03-04
2.1
None Local Low Not required None None Partial
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
28 CVE-2002-0992 DoS 2002-10-04 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.
29 CVE-2002-0798 DoS 2002-08-12 2009-03-04
2.1
None Local Low Not required Partial None None
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.
30 CVE-2002-0577 DoS 2002-06-18 2009-03-04
2.1
None Local Low Not required None None Partial
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
31 CVE-2001-1564 DoS 2001-12-31 2009-03-04
2.1
None Local Low Not required None None Partial
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.
32 CVE-2001-1439 DoS Overflow 2001-02-16 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
33 CVE-2001-1136 DoS 2001-09-13 2008-09-10
2.1
None Local Low Not required None None Partial
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
34 CVE-2001-0809 2001-12-06 2009-03-04
2.1
None Local Low Not required None Partial None
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
35 CVE-2001-0488 DoS 2001-06-27 2008-09-10
2.1
None Local Low Not required None None Partial
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
36 CVE-2001-0219 DoS 2001-03-26 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
37 CVE-2001-0105 2001-02-12 2008-09-05
2.1
None Local Low Not required None Partial None
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
38 CVE-2001-0079 2001-02-12 2008-09-05
2.1
None Local Low Not required None Partial None
Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file.
39 CVE-2000-0972 2000-12-19 2008-09-05
2.1
None Local Low Not required Partial None None
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
40 CVE-2000-0754 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
41 CVE-1999-1408 DoS 1997-03-05 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
42 CVE-1999-1251 1 DoS 1996-12-24 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
43 CVE-1999-1205 1 DoS 1996-06-07 2008-09-05
2.1
None Local Low Not required None None Partial
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
44 CVE-1999-0132 1996-08-15 2008-09-09
2.1
None Local Low Not required Partial None None
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
Total number of vulnerabilities: 44