CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

HP » Hp-ux : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6209 DoS 2014-03-14 2014-03-14
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.
2 CVE-2011-0891 DoS 2011-04-04 2011-04-20
4.4
None Local Medium Single system None None Complete
Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.
3 CVE-2010-1032 DoS 2010-04-21 2011-07-18
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.
4 CVE-2010-1030 DoS 2010-03-31 2011-07-18
4.4
None Local Medium Single system None None Complete
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
5 CVE-2010-0451 264 2010-03-29 2011-07-18
4.0
None Remote High Not required Partial Partial None
The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.
6 CVE-2008-4416 DoS 2008-12-04 2009-03-04
4.6
None Local Low Single system None None Complete
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
7 CVE-2007-5302 79 XSS 2007-10-09 2011-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8 CVE-2007-1994 DoS 2007-04-12 2009-03-04
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.
9 CVE-2007-0916 DoS 2007-02-13 2011-04-06
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
10 CVE-2007-0394 +Priv 2007-01-19 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
11 CVE-2006-5557 Exec Code Overflow 2006-10-27 2009-03-04
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
12 CVE-2006-5556 Exec Code Overflow 2006-10-27 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.
13 CVE-2006-5452 Exec Code Overflow 2006-10-23 2009-03-04
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
14 CVE-2006-4795 DoS 2006-09-14 2009-03-04
4.6
None Local Low Single system None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.
15 CVE-2006-3201 DoS 2006-06-23 2009-03-04
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
16 CVE-2006-3097 DoS 2006-06-20 2009-03-04
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
17 CVE-2006-1509 DoS 2006-03-29 2008-09-05
4.9
None Local Low Not required None None Complete
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.
18 CVE-2006-1248 2006-03-17 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
19 CVE-2005-0547 2005-02-24 2009-03-04
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
20 CVE-2004-2665 DoS 2004-12-31 2009-03-04
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
21 CVE-2004-1375 +Priv 2004-12-23 2009-03-04
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.
22 CVE-2003-1374 119 Exec Code Overflow 2003-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options.
23 CVE-2003-0914 2003-12-15 2008-09-10
4.3
None Remote Medium Not required None Partial None
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
24 CVE-2002-1611 Overflow +Priv 2002-08-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
25 CVE-2002-1609 Overflow +Priv 2002-08-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
26 CVE-2002-1608 Exec Code Overflow 2002-08-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
27 CVE-2002-1607 Exec Code Overflow 2002-08-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
28 CVE-2002-1606 Overflow +Priv 2002-08-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain privileges via (1) lpc, (2) lpd, (3) lpq, (4) lpr, or (5) lprm.
29 CVE-2002-1473 DoS Exec Code Overflow 2003-04-22 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
30 CVE-2002-0279 DoS +Priv 2002-05-31 2009-03-04
4.6
User Local Low Not required Partial Partial Partial
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.
31 CVE-2001-1509 +Priv 2001-12-31 2009-03-04
4.6
User Local Low Not required Partial Partial Partial
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
32 CVE-2001-0772 DoS Overflow +Priv 2001-10-18 2009-03-04
4.6
None Local Low Not required Partial Partial Partial
Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.
33 CVE-2001-0607 DoS +Priv 2001-08-22 2009-03-04
4.6
User Local Low Not required Partial Partial Partial
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.
34 CVE-2001-0379 2001-06-18 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
35 CVE-2001-0311 2001-06-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
36 CVE-2000-1031 Exec Code Overflow 2000-12-11 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.
37 CVE-2000-0966 Overflow +Priv 2000-12-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.
38 CVE-2000-0730 +Priv 2000-10-20 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
39 CVE-2000-0468 2000-06-02 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
40 CVE-2000-0414 +Priv 2000-05-04 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.
41 CVE-2000-0083 DoS +Priv 2000-04-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
42 CVE-1999-1311 +Priv Bypass 1997-01-07 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
43 CVE-1999-1308 +Priv 1997-07-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.
44 CVE-1999-1249 +Priv 1997-01-06 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.
45 CVE-1999-1248 1 +Priv 1994-11-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.
46 CVE-1999-1242 1 +Priv 1994-02-07 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.
47 CVE-1999-1239 1994-07-13 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.
48 CVE-1999-1238 +Priv 1994-09-21 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges.
49 CVE-1999-1136 200 +Info 1998-07-30 2013-09-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.
50 CVE-1999-1133 +Priv 1997-09-01 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.
Total number of vulnerabilities : 57   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.