Hpux
by Microfocus
CVEs (295)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0594 | 0.07 | — | 0.55 | Jul 27, 2004 | The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function… | |||
| CVE-1999-0502 | 0.07 | — | 0.52 | Mar 1, 1998 | A Unix account has a default, null, blank, or missing password. | |||
| CVE-1999-0046 | 0.07 | — | 0.53 | Feb 6, 1997 | Buffer overflow of rlogin program using TERM environmental variable. | |||
| CVE-2003-0161 | 0.06 | — | 0.38 | Apr 2, 2003 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control… | |||
| CVE-1999-0015 | 0.06 | — | 0.36 | Dec 16, 1997 | Teardrop IP denial of service. | |||
| CVE-2005-3277 | 0.05 | — | 0.19 | Oct 21, 2005 | The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different… | |||
| CVE-2003-0681 | 0.05 | — | 0.20 | Oct 6, 2003 | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | |||
| CVE-2002-1317 | 0.05 | — | 0.24 | Dec 11, 2002 | Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. | |||
| CVE-1999-0003 | 0.05 | — | 0.24 | Apr 1, 1998 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). | |||
| CVE-2006-5558 | 0.04 | — | 0.07 | Oct 27, 2006 | Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to… | |||
| CVE-2005-4316 | 0.04 | — | 0.07 | Dec 17, 2005 | HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. | |||
| CVE-2004-1029 | 0.04 | — | 0.17 | Mar 1, 2005 | The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute… | |||
| CVE-2002-1605 | 0.04 | — | 0.13 | Sep 2, 2002 | Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession. | |||
| CVE-2001-0311 | 0.04 | — | 0.12 | Jun 2, 2001 | Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client. | |||
| CVE-2000-0699 | 0.04 | — | 0.14 | Oct 20, 2000 | Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command. | |||
| CVE-2000-0515 | 0.04 | — | 0.08 | Jun 7, 2000 | The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. | |||
| CVE-1999-0696 | 0.04 | — | 0.12 | Jul 1, 1999 | Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). | |||
| CVE-2013-4854 | 0.03 | — | 0.34 | Jul 29, 2013 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon… | |||
| CVE-2006-5557 | 0.03 | — | 0.01 | Oct 27, 2006 | Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to… | |||
| CVE-2006-5556 | 0.03 | — | 0.01 | Oct 27, 2006 | Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable. |
- CVE-2004-0594Jul 27, 2004risk 0.07cvss —epss 0.55
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function…
- CVE-1999-0502Mar 1, 1998risk 0.07cvss —epss 0.52
A Unix account has a default, null, blank, or missing password.
- CVE-1999-0046Feb 6, 1997risk 0.07cvss —epss 0.53
Buffer overflow of rlogin program using TERM environmental variable.
- CVE-2003-0161Apr 2, 2003risk 0.06cvss —epss 0.38
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control…
- CVE-1999-0015Dec 16, 1997risk 0.06cvss —epss 0.36
Teardrop IP denial of service.
- CVE-2005-3277Oct 21, 2005risk 0.05cvss —epss 0.19
The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different…
- CVE-2003-0681Oct 6, 2003risk 0.05cvss —epss 0.20
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
- CVE-2002-1317Dec 11, 2002risk 0.05cvss —epss 0.24
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
- CVE-1999-0003Apr 1, 1998risk 0.05cvss —epss 0.24
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
- CVE-2006-5558Oct 27, 2006risk 0.04cvss —epss 0.07
Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…
- CVE-2005-4316Dec 17, 2005risk 0.04cvss —epss 0.07
HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
- CVE-2004-1029Mar 1, 2005risk 0.04cvss —epss 0.17
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute…
- CVE-2002-1605Sep 2, 2002risk 0.04cvss —epss 0.13
Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession.
- CVE-2001-0311Jun 2, 2001risk 0.04cvss —epss 0.12
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
- CVE-2000-0699Oct 20, 2000risk 0.04cvss —epss 0.14
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
- CVE-2000-0515Jun 7, 2000risk 0.04cvss —epss 0.08
The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.
- CVE-1999-0696Jul 1, 1999risk 0.04cvss —epss 0.12
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
- CVE-2013-4854Jul 29, 2013risk 0.03cvss —epss 0.34
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…
- CVE-2006-5557Oct 27, 2006risk 0.03cvss —epss 0.01
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…
- CVE-2006-5556Oct 27, 2006risk 0.03cvss —epss 0.01
Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.
Page 2 of 15