Hpux
by Microfocus
CVEs (295)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0965 | 0.00 | — | 0.01 | Feb 9, 2005 | stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs. | |||
| CVE-2004-2753 | 0.00 | — | 0.00 | Dec 31, 2004 | Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner." | |||
| CVE-2004-0952 | 0.00 | — | 0.05 | Dec 31, 2004 | HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. | |||
| CVE-2004-2665 | 0.00 | — | 0.00 | Dec 31, 2004 | Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2004-2693 | 0.00 | — | 0.00 | Dec 31, 2004 | HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | |||
| CVE-2004-1328 | 0.00 | — | 0.01 | Dec 31, 2004 | Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges. | |||
| CVE-2004-1375 | 0.00 | — | 0.00 | Dec 23, 2004 | Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges. | |||
| CVE-2004-1764 | 0.00 | — | 0.01 | Jan 14, 2004 | Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors. | |||
| CVE-2003-1360 | 0.00 | — | 0.01 | Dec 31, 2003 | Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable. | |||
| CVE-2003-1087 | 0.00 | — | 0.03 | Dec 31, 2003 | Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic. | |||
| CVE-2003-1374 | 0.00 | — | 0.01 | Dec 31, 2003 | Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options. | |||
| CVE-2003-1356 | 0.00 | — | 0.00 | Dec 31, 2003 | The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. | |||
| CVE-2003-1098 | 0.00 | — | 0.01 | Dec 31, 2003 | The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges. | |||
| CVE-2003-0914 | 0.00 | — | 0.03 | Dec 15, 2003 | ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. | |||
| CVE-2003-0951 | 0.00 | — | 0.01 | Dec 15, 2003 | Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges. | |||
| CVE-2003-0333 | 0.00 | — | 0.01 | May 19, 2003 | Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying… | |||
| CVE-2002-1406 | 0.00 | — | 0.01 | Apr 11, 2003 | Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior." | |||
| CVE-2002-1409 | 0.00 | — | 0.01 | Apr 11, 2003 | ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state." | |||
| CVE-2003-0064 | 0.00 | — | 0.03 | Mar 3, 2003 | The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker… | |||
| CVE-2002-2262 | 0.00 | — | 0.02 | Dec 31, 2002 | Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors. |
- CVE-2004-0965Feb 9, 2005risk 0.00cvss —epss 0.01
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
- CVE-2004-2753Dec 31, 2004risk 0.00cvss —epss 0.00
Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner."
- CVE-2004-0952Dec 31, 2004risk 0.00cvss —epss 0.05
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
- CVE-2004-2665Dec 31, 2004risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
- CVE-2004-2693Dec 31, 2004risk 0.00cvss —epss 0.00
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
- CVE-2004-1328Dec 31, 2004risk 0.00cvss —epss 0.01
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
- CVE-2004-1375Dec 23, 2004risk 0.00cvss —epss 0.00
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.
- CVE-2004-1764Jan 14, 2004risk 0.00cvss —epss 0.01
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
- CVE-2003-1360Dec 31, 2003risk 0.00cvss —epss 0.01
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
- CVE-2003-1087Dec 31, 2003risk 0.00cvss —epss 0.03
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.
- CVE-2003-1374Dec 31, 2003risk 0.00cvss —epss 0.01
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options.
- CVE-2003-1356Dec 31, 2003risk 0.00cvss —epss 0.00
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.
- CVE-2003-1098Dec 31, 2003risk 0.00cvss —epss 0.01
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
- CVE-2003-0914Dec 15, 2003risk 0.00cvss —epss 0.03
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
- CVE-2003-0951Dec 15, 2003risk 0.00cvss —epss 0.01
Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.
- CVE-2003-0333May 19, 2003risk 0.00cvss —epss 0.01
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying…
- CVE-2002-1406Apr 11, 2003risk 0.00cvss —epss 0.01
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
- CVE-2002-1409Apr 11, 2003risk 0.00cvss —epss 0.01
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
- CVE-2003-0064Mar 3, 2003risk 0.00cvss —epss 0.03
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker…
- CVE-2002-2262Dec 31, 2002risk 0.00cvss —epss 0.02
Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.
Page 9 of 15