VYPR

Hpux

by Microfocus

CVEs (295)

  • CVE-2004-0594Jul 27, 2004
    risk 0.07cvss epss 0.55

    The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function…

  • CVE-1999-0502Mar 1, 1998
    risk 0.07cvss epss 0.52

    A Unix account has a default, null, blank, or missing password.

  • CVE-1999-0046Feb 6, 1997
    risk 0.07cvss epss 0.53

    Buffer overflow of rlogin program using TERM environmental variable.

  • CVE-2003-0161Apr 2, 2003
    risk 0.06cvss epss 0.38

    The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control…

  • CVE-1999-0015Dec 16, 1997
    risk 0.06cvss epss 0.36

    Teardrop IP denial of service.

  • CVE-2005-3277Oct 21, 2005
    risk 0.05cvss epss 0.19

    The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different…

  • CVE-2003-0681Oct 6, 2003
    risk 0.05cvss epss 0.20

    A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

  • CVE-2002-1317Dec 11, 2002
    risk 0.05cvss epss 0.24

    Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

  • CVE-1999-0003Apr 1, 1998
    risk 0.05cvss epss 0.24

    Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

  • CVE-2006-5558Oct 27, 2006
    risk 0.04cvss epss 0.07

    Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…

  • CVE-2005-4316Dec 17, 2005
    risk 0.04cvss epss 0.07

    HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

  • CVE-2004-1029Mar 1, 2005
    risk 0.04cvss epss 0.17

    The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute…

  • CVE-2002-1605Sep 2, 2002
    risk 0.04cvss epss 0.13

    Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession.

  • CVE-2001-0311Jun 2, 2001
    risk 0.04cvss epss 0.12

    Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.

  • CVE-2000-0699Oct 20, 2000
    risk 0.04cvss epss 0.14

    Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

  • CVE-2000-0515Jun 7, 2000
    risk 0.04cvss epss 0.08

    The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

  • CVE-1999-0696Jul 1, 1999
    risk 0.04cvss epss 0.12

    Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

  • CVE-2013-4854Jul 29, 2013
    risk 0.03cvss epss 0.34

    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…

  • CVE-2006-5557Oct 27, 2006
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…

  • CVE-2006-5556Oct 27, 2006
    risk 0.03cvss epss 0.01

    Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.

Page 2 of 15