Vendor CVEs
HPE
All CVEs
585 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12553 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2017-12552 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2017-12551 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2017-12550 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2017-12549 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2017-12548 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2017-12547 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2017-12546 | | Med | 0.36 | 5.6 | 0.00 | | Feb 15, 2018 | A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2016-2023 | | Med | 0.36 | 5.5 | 0.00 | | May 30, 2016 | HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2016-2016 | | Med | 0.36 | 5.5 | 0.00 | | May 14, 2016 | Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and… |
| CVE-2018-7070 | | Med | 0.35 | 5.3 | 0.02 | | Aug 6, 2018 | HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. |
| CVE-2016-4392 | | Med | 0.35 | 5.4 | 0.01 | | Aug 6, 2018 | A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. |
| CVE-2017-5800 | | Med | 0.35 | 5.4 | 0.01 | | Feb 15, 2018 | A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. |
| CVE-2017-5783 | | Med | 0.35 | 5.3 | 0.01 | | Feb 15, 2018 | A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
| CVE-2017-5782 | | Med | 0.35 | 5.4 | 0.01 | | Feb 15, 2018 | A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
| CVE-2017-12544 | | Med | 0.35 | 5.4 | 0.05 | | Feb 15, 2018 | A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. |
| CVE-2016-8532 | | Med | 0.35 | 5.4 | 0.01 | | Feb 15, 2018 | A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
| CVE-2016-8531 | | Med | 0.35 | 5.3 | 0.02 | | Feb 15, 2018 | A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
| CVE-2016-8522 | | Med | 0.35 | 5.4 | 0.01 | | Feb 15, 2018 | A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. |
| CVE-2017-14359 | | Med | 0.35 | 5.4 | 0.01 | | Nov 3, 2017 | A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. |
| CVE-2017-13991 | | Med | 0.35 | 5.3 | 0.01 | | Sep 30, 2017 | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. |
| CVE-2017-13990 | | Med | 0.35 | 5.3 | 0.01 | | Sep 30, 2017 | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. |
| CVE-2016-4393 | | Med | 0.35 | 5.4 | 0.01 | | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. |
| CVE-2016-4380 | | Med | 0.35 | 5.4 | 0.01 | | Sep 8, 2016 | Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-2011 | | Med | 0.35 | 5.4 | 0.01 | | May 7, 2016 | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. |
| CVE-2016-2010 | | Med | 0.35 | 5.4 | 0.01 | | May 7, 2016 | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. |
| CVE-2015-5447 | | Med | 0.35 | 5.4 | 0.01 | | Jan 5, 2016 | Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2025-37131 | | Med | 0.32 | 4.9 | 0.00 | | Sep 16, 2025 | A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information. |
| CVE-2016-4381 | | Med | 0.29 | 4.5 | 0.00 | | Sep 8, 2016 | HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. |
| CVE-2024-42504 | | Med | 0.28 | 4.3 | 0.00 | | Oct 3, 2024 | A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow. |
| CVE-2018-7071 | | Med | 0.28 | 4.3 | 0.01 | | Aug 6, 2018 | HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. |
| CVE-2024-54009 | | Med | 0.26 | 4.0 | 0.00 | | Dec 19, 2024 | Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. |
| CVE-2024-11856 | | Low | 0.24 | 3.7 | 0.00 | | Dec 2, 2024 | A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. |
| CVE-2016-4379 | | Low | 0.24 | 3.7 | 0.02 | | Sep 8, 2016 | The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay… |
| CVE-2025-37109 | | Low | 0.23 | 3.5 | 0.00 | | Jul 31, 2025 | Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product |
| CVE-2025-37108 | | Low | 0.23 | 3.5 | 0.00 | | Jul 31, 2025 | Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product |
| CVE-2016-8535 | | Low | 0.23 | 3.5 | 0.01 | | Feb 15, 2018 | A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
| CVE-2024-54010 | | Low | 0.22 | 3.4 | 0.00 | | Jan 8, 2025 | A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires… |
| CVE-2025-25040 | | Low | 0.21 | 3.3 | 0.00 | | Mar 18, 2025 | A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is… |
| CVE-2021-29203 | | | 0.07 | — | 0.68 | | May 6, 2021 | A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of… |
| CVE-2024-53676 | | | 0.06 | — | 0.51 | | Nov 27, 2024 | A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. |
| CVE-2020-7136 | | | 0.05 | — | 0.80 | | Apr 30, 2020 | A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the… |
| CVE-2005-3277 | | | 0.05 | — | 0.19 | | Oct 21, 2005 | The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different… |
| CVE-2019-11944 | | | 0.03 | — | 0.13 | | Jun 5, 2019 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
| CVE-2006-5557 | | | 0.03 | — | 0.01 | | Oct 27, 2006 | Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to… |
| CVE-2006-5556 | | | 0.03 | — | 0.01 | | Oct 27, 2006 | Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable. |
| CVE-2003-1097 | | | 0.03 | — | 0.04 | | Dec 31, 2003 | Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option. |
| CVE-2003-1461 | | | 0.03 | — | 0.02 | | Dec 31, 2003 | Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473). |
| CVE-2003-0840 | | | 0.03 | — | 0.01 | | Nov 17, 2003 | Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable. |
| CVE-2002-1473 | | | 0.03 | — | 0.04 | | Apr 22, 2003 | Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code. |