Hpux
by Microfocus
CVEs (295)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0219 | 0.00 | — | 0.00 | Mar 26, 2001 | Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. | |||
| CVE-2001-1439 | 0.00 | — | 0.01 | Feb 16, 2001 | Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit. | |||
| CVE-2001-0085 | 0.00 | — | 0.01 | Feb 12, 2001 | Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands. | |||
| CVE-2001-0106 | 0.00 | — | 0.02 | Feb 12, 2001 | Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server. | |||
| CVE-2001-0105 | 0.00 | — | 0.00 | Feb 12, 2001 | Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group. | |||
| CVE-2000-1126 | 0.00 | — | 0.06 | Jan 9, 2001 | Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service. | |||
| CVE-1999-0307 | 0.00 | — | 0.01 | Dec 20, 2000 | Buffer overflow in HP-UX cstm program allows local users to gain root privileges. | |||
| CVE-2000-0966 | 0.00 | — | 0.01 | Dec 19, 2000 | Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges. | |||
| CVE-2000-1031 | 0.00 | — | 0.01 | Dec 11, 2000 | Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option. | |||
| CVE-2000-0730 | 0.00 | — | 0.00 | Oct 20, 2000 | Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. | |||
| CVE-2000-0801 | 0.00 | — | 0.01 | Oct 20, 2000 | Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option. | |||
| CVE-2000-0755 | 0.00 | — | 0.00 | Oct 20, 2000 | Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges. | |||
| CVE-2000-0414 | 0.00 | — | 0.00 | May 4, 2000 | Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables. | |||
| CVE-2000-0083 | 0.00 | — | 0.01 | Apr 18, 2000 | HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges. | |||
| CVE-2000-0251 | 0.00 | — | 0.02 | Apr 6, 2000 | HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. | |||
| CVE-2000-0159 | 0.00 | — | 0.02 | Feb 17, 2000 | HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. | |||
| CVE-2000-0095 | 0.00 | — | 0.02 | Jan 24, 2000 | The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier. | |||
| CVE-2000-0078 | 0.00 | — | 0.01 | Jan 2, 2000 | The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command. | |||
| CVE-1999-1573 | 0.00 | — | 0.05 | Dec 28, 1999 | Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files. | |||
| CVE-1999-0707 | 0.00 | — | 0.02 | Jul 1, 1999 | The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. |
- CVE-2001-0219Mar 26, 2001risk 0.00cvss —epss 0.00
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
- CVE-2001-1439Feb 16, 2001risk 0.00cvss —epss 0.01
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
- CVE-2001-0085Feb 12, 2001risk 0.00cvss —epss 0.01
Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.
- CVE-2001-0106Feb 12, 2001risk 0.00cvss —epss 0.02
Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.
- CVE-2001-0105Feb 12, 2001risk 0.00cvss —epss 0.00
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
- CVE-2000-1126Jan 9, 2001risk 0.00cvss —epss 0.06
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
- CVE-1999-0307Dec 20, 2000risk 0.00cvss —epss 0.01
Buffer overflow in HP-UX cstm program allows local users to gain root privileges.
- CVE-2000-0966Dec 19, 2000risk 0.00cvss —epss 0.01
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.
- CVE-2000-1031Dec 11, 2000risk 0.00cvss —epss 0.01
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.
- CVE-2000-0730Oct 20, 2000risk 0.00cvss —epss 0.00
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
- CVE-2000-0801Oct 20, 2000risk 0.00cvss —epss 0.01
Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
- CVE-2000-0755Oct 20, 2000risk 0.00cvss —epss 0.00
Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.
- CVE-2000-0414May 4, 2000risk 0.00cvss —epss 0.00
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.
- CVE-2000-0083Apr 18, 2000risk 0.00cvss —epss 0.01
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
- CVE-2000-0251Apr 6, 2000risk 0.00cvss —epss 0.02
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
- CVE-2000-0159Feb 17, 2000risk 0.00cvss —epss 0.02
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.
- CVE-2000-0095Jan 24, 2000risk 0.00cvss —epss 0.02
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.
- CVE-2000-0078Jan 2, 2000risk 0.00cvss —epss 0.01
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
- CVE-1999-1573Dec 28, 1999risk 0.00cvss —epss 0.05
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
- CVE-1999-0707Jul 1, 1999risk 0.00cvss —epss 0.02
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.
Page 12 of 15