VYPR

Hpux

by Microfocus

CVEs (295)

  • CVE-2003-1097Dec 31, 2003
    risk 0.03cvss epss 0.04

    Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

  • CVE-2003-1358Dec 31, 2003
    risk 0.03cvss epss 0.01

    rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

  • CVE-2003-1461Dec 31, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).

  • CVE-2003-1375Dec 31, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.

  • CVE-2003-1359Dec 31, 2003
    risk 0.03cvss epss 0.01

    Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.

  • CVE-2003-0089Dec 15, 2003
    risk 0.03cvss epss 0.01

    Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.

  • CVE-2003-0840Nov 17, 2003
    risk 0.03cvss epss 0.01

    Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.

  • CVE-2002-1473Apr 22, 2003
    risk 0.03cvss epss 0.04

    Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

  • CVE-2002-1614Sep 9, 2002
    risk 0.03cvss epss 0.02

    Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.

  • CVE-2001-0979Sep 3, 2001
    risk 0.03cvss epss 0.02

    Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.

  • CVE-2000-1134Jan 9, 2001
    risk 0.03cvss epss 0.01

    Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

  • CVE-2000-1127Jan 9, 2001
    risk 0.03cvss epss 0.01

    registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world…

  • CVE-2000-1028Dec 11, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.

  • CVE-2000-0702Oct 20, 2000
    risk 0.03cvss epss 0.01

    The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

  • CVE-2000-0468Jun 2, 2000
    risk 0.03cvss epss 0.01

    man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

  • CVE-1999-0693Mar 2, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

  • CVE-2000-0077Jan 2, 2000
    risk 0.03cvss epss 0.01

    The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

  • CVE-1999-0014Jan 21, 1998
    risk 0.03cvss epss 0.01

    Unauthorized privileged access or denial of service via dtappgather program in CDE.

  • CVE-1999-0040May 1, 1997
    risk 0.03cvss epss 0.01

    Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

  • CVE-1999-1408Mar 5, 1997
    risk 0.03cvss epss 0.01

    Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.

Page 3 of 15