VYPR

HP-UX

by HPE

CVEs (33)

  • CVE-2023-30903MedJun 16, 2023
    risk 0.36cvss 5.5epss 0.00

    HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.

  • CVE-2016-2016MedMay 14, 2016
    risk 0.36cvss 5.5epss 0.00

    Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and…

  • CVE-2005-3277Oct 21, 2005
    risk 0.05cvss epss 0.19

    The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different…

  • CVE-2006-5556Oct 27, 2006
    risk 0.03cvss epss 0.01

    Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.

  • CVE-2006-5557Oct 27, 2006
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to…

  • CVE-2003-1461Dec 31, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).

  • CVE-2003-1097Dec 31, 2003
    risk 0.03cvss epss 0.04

    Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

  • CVE-2003-0840Nov 17, 2003
    risk 0.03cvss epss 0.01

    Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.

  • CVE-2002-1473Apr 22, 2003
    risk 0.03cvss epss 0.04

    Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

  • CVE-2000-0702Oct 20, 2000
    risk 0.03cvss epss 0.01

    The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

  • CVE-2000-0468Jun 2, 2000
    risk 0.03cvss epss 0.01

    man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

  • CVE-1999-0050Dec 1, 1996
    risk 0.03cvss epss 0.01

    Buffer overflow in HP-UX newgrp program.

  • CVE-2004-1332Dec 31, 2004
    risk 0.01cvss epss 0.10

    Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

  • CVE-2009-2682Sep 24, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.

  • CVE-2007-0396Jan 19, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.

  • CVE-2006-0436Jan 26, 2006
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.

  • CVE-2005-3565Nov 16, 2005
    risk 0.00cvss epss 0.03

    Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.

  • CVE-2005-2993Sep 20, 2005
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).

  • CVE-2004-0952Dec 31, 2004
    risk 0.00cvss epss 0.05

    HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.

  • CVE-2003-1360Dec 31, 2003
    risk 0.00cvss epss 0.01

    Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.

Page 1 of 2