Hpux
by Microfocus
CVEs (295)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0061 | 0.00 | — | 0.01 | Jan 11, 2002 | Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable. | |||
| CVE-2001-1509 | 0.00 | — | 0.00 | Dec 31, 2001 | geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges. | |||
| CVE-2001-1564 | 0.00 | — | 0.00 | Dec 31, 2001 | setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space. | |||
| CVE-2001-1198 | 0.00 | — | 0.01 | Dec 15, 2001 | RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option. | |||
| CVE-2001-0809 | 0.00 | — | 0.00 | Dec 6, 2001 | Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources. | |||
| CVE-2001-0772 | 0.00 | — | 0.01 | Oct 18, 2001 | Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. | |||
| CVE-2001-1124 | 0.00 | — | 0.03 | Oct 1, 2001 | rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. | |||
| CVE-2001-0668 | 0.00 | — | 0.06 | Sep 20, 2001 | Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands. | |||
| CVE-2001-1136 | 0.00 | — | 0.01 | Sep 13, 2001 | The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. | |||
| CVE-2001-0978 | 0.00 | — | 0.02 | Sep 3, 2001 | login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program. | |||
| CVE-2001-0607 | 0.00 | — | 0.00 | Aug 22, 2001 | asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083. | |||
| CVE-2001-1264 | 0.00 | — | 0.04 | Jul 19, 2001 | Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. | |||
| CVE-2001-1182 | 0.00 | — | 0.01 | Jul 17, 2001 | Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges. | |||
| CVE-2001-1181 | 0.00 | — | 0.01 | Jul 16, 2001 | Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges. | |||
| CVE-2001-1244 | 0.00 | — | 0.35 | Jul 7, 2001 | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that… | |||
| CVE-2001-0488 | 0.00 | — | 0.00 | Jun 27, 2001 | pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service. | |||
| CVE-2001-0379 | 0.00 | — | 0.01 | Jun 18, 2001 | Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. | |||
| CVE-2001-1256 | 0.00 | — | 0.06 | Jun 11, 2001 | kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. | |||
| CVE-2001-0551 | 0.00 | — | 0.01 | May 22, 2001 | Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window. | |||
| CVE-2001-0266 | 0.00 | — | 0.01 | May 3, 2001 | Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges. |
- CVE-2003-0061Jan 11, 2002risk 0.00cvss —epss 0.01
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.
- CVE-2001-1509Dec 31, 2001risk 0.00cvss —epss 0.00
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
- CVE-2001-1564Dec 31, 2001risk 0.00cvss —epss 0.00
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.
- CVE-2001-1198Dec 15, 2001risk 0.00cvss —epss 0.01
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.
- CVE-2001-0809Dec 6, 2001risk 0.00cvss —epss 0.00
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
- CVE-2001-0772Oct 18, 2001risk 0.00cvss —epss 0.01
Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.
- CVE-2001-1124Oct 1, 2001risk 0.00cvss —epss 0.03
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.
- CVE-2001-0668Sep 20, 2001risk 0.00cvss —epss 0.06
Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.
- CVE-2001-1136Sep 13, 2001risk 0.00cvss —epss 0.01
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
- CVE-2001-0978Sep 3, 2001risk 0.00cvss —epss 0.02
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.
- CVE-2001-0607Aug 22, 2001risk 0.00cvss —epss 0.00
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.
- CVE-2001-1264Jul 19, 2001risk 0.00cvss —epss 0.04
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
- CVE-2001-1182Jul 17, 2001risk 0.00cvss —epss 0.01
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
- CVE-2001-1181Jul 16, 2001risk 0.00cvss —epss 0.01
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.
- CVE-2001-1244Jul 7, 2001risk 0.00cvss —epss 0.35
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…
- CVE-2001-0488Jun 27, 2001risk 0.00cvss —epss 0.00
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
- CVE-2001-0379Jun 18, 2001risk 0.00cvss —epss 0.01
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
- CVE-2001-1256Jun 11, 2001risk 0.00cvss —epss 0.06
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
- CVE-2001-0551May 22, 2001risk 0.00cvss —epss 0.01
Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.
- CVE-2001-0266May 3, 2001risk 0.00cvss —epss 0.01
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
Page 11 of 15