Every CVE whose affected-product data names Hp Hp-ux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-1999-0097 — CVSS 10.0 (critical): The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
CVE-2001-1264 — CVSS 10.0 (critical): Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
CVE-2002-1794 — CVSS 10.0 (critical): Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute…
CVE-2001-0817 — CVSS 10.0 (critical): Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and…
CVE-2012-0131 — CVSS 10.0 (critical): Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or…
CVE-2001-0797 — CVSS 10.0 (critical): Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large…
CVE-2004-0716 — CVSS 10.0 (critical): Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code…
CVE-2003-0161 — CVSS 10.0 (critical): The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char…
CVE-2000-1126 — CVSS 10.0 (critical): Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a…
CVE-2005-3277 — CVSS 10.0 (critical): The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or…
CVE-2008-1668 — CVSS 10.0 (critical): ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations…
CVE-2008-1662 — CVSS 10.0 (critical): Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might…
CVE-2007-6425 — CVSS 10.0 (critical): Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown…
CVE-2007-6195 — CVSS 10.0 (critical): Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP…
CVE-2000-0699 — CVSS 10.0 (critical): Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via…
CVE-2000-0573 — CVSS 10.0 (critical): The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to…
CVE-2000-0515 — CVSS 10.0 (critical): The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP…
CVE-2005-4090 — CVSS 10.0 (critical): Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
CVE-2007-4241 — CVSS 10.0 (critical): Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute…
CVE-2006-5151 — CVSS 10.0 (critical): Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain…
CVE-2006-5558 — CVSS 10.0 (critical): Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code…
CVE-2007-0915 — CVSS 10.0 (critical): Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC…
CVE-1999-1160 — CVSS 10.0 (critical): Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
CVE-2003-0196 — CVSS 10.0 (critical): Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as…
CVE-2003-0201 — CVSS 10.0 (critical): Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG…
CVE-2002-1337 — CVSS 10.0 (critical): Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related…
CVE-1999-1573 — CVSS 10.0 (critical): Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8)…
CVE-2002-0679 — CVSS 10.0 (critical): Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute…
CVE-2003-0694 — CVSS 10.0 (critical): The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated…
CVE-2001-0249 — CVSS 9.8 (critical): Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the…
CVE-2001-0248 — CVSS 9.8 (critical): Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the…
CVE-2014-2490 — CVSS 9.3 (critical): Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality…
CVE-1999-0353 — CVSS 9.3 (critical): rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
CVE-2009-0418 — CVSS 9.3 (critical): The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of…
CVE-2004-1029 — CVSS 9.3 (critical): The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly…
CVE-2007-1993 — CVSS 9.3 (critical): Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote…
CVE-2007-5008 — CVSS 9.0 (critical): The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to…
CVE-2014-7879 — CVSS 8.5 (high): HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass…
CVE-2007-6419 — CVSS 7.8 (high): Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service…
CVE-2008-1664 — CVSS 7.8 (high): Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
CVE-2005-4316 — CVSS 7.8 (high): HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending…
CVE-2004-0940 — CVSS 7.8 (high): Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to…
CVE-2009-2679 — CVSS 7.8 (high): Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via…
CVE-2005-3670 — CVSS 7.8 (high): Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and…
CVE-2013-4854 — CVSS 7.8 (high): The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco…
CVE-2008-4418 — CVSS 7.8 (high): Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown…
CVE-2006-1389 — CVSS 7.8 (high): Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service…
CVE-2001-0978 — CVSS 7.5 (high): login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password…
CVE-2018-5740 — CVSS 7.5 (high): "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks…
CVE-2016-2776 — CVSS 7.5 (high): buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct…
CVE-1999-0333 — CVSS 7.5 (high): HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.
CVE-1999-0707 — CVSS 7.5 (high): The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.
CVE-2005-4451 — CVSS 7.5 (high): Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
CVE-2000-0159 — CVSS 7.5 (high): HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow…
CVE-2005-3565 — CVSS 7.5 (high): Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to…
CVE-2004-1332 — CVSS 7.5 (high): Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute…
CVE-2004-0826 — CVSS 7.5 (high): Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a…
CVE-2001-0668 — CVSS 7.5 (high): Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.
CVE-2004-0079 — CVSS 7.5 (high): The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service…
CVE-2003-0951 — CVSS 7.5 (high): Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows…
CVE-2002-0677 — CVSS 7.5 (high): CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain…
CVE-2003-0681 — CVSS 7.5 (high): A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3)…
CVE-2002-1317 — CVSS 7.5 (high): Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of…
CVE-2002-1604 — CVSS 7.5 (high): Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH…
CVE-2002-1605 — CVSS 7.5 (high): Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET…
CVE-2003-0064 — CVSS 7.5 (high): The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to…
CVE-2003-0028 — CVSS 7.5 (high): Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived…
CVE-1999-1134 — CVSS 7.2 (high): Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.
CVE-2000-0077 — CVSS 7.2 (high): The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver…
CVE-2000-0078 — CVSS 7.2 (high): The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses…
CVE-1999-1089 — CVSS 7.2 (high): Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument.
CVE-1999-0040 — CVSS 7.2 (high): Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVE-1999-1088 — CVSS 7.2 (high): Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges.
CVE-2005-3779 — CVSS 7.2 (high): Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
CVE-1999-0962 — CVSS 7.2 (high): Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.
CVE-2007-5946 — CVSS 7.2 (high): Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain…
CVE-1999-0693 — CVSS 7.2 (high): Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
CVE-2000-0702 — CVSS 7.2 (high): The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from…
CVE-2002-1613 — CVSS 7.2 (high): Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
CVE-2000-0801 — CVSS 7.2 (high): Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
CVE-2005-3564 — CVSS 7.2 (high): envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
CVE-1999-0435 — CVSS 7.2 (high): MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.
CVE-2000-1028 — CVSS 7.2 (high): Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.
CVE-2004-2693 — CVSS 7.2 (high): HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to…
CVE-2004-1764 — CVSS 7.2 (high): Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown…
CVE-2000-1134 — CVSS 7.2 (high): Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing <<…
CVE-2001-0085 — CVSS 7.2 (high): Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly…
CVE-2002-1614 — CVSS 7.2 (high): Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.
CVE-2004-1328 — CVSS 7.2 (high): Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
CVE-1999-0318 — CVSS 7.2 (high): Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
CVE-2001-0266 — CVSS 7.2 (high): Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
CVE-2004-0965 — CVSS 7.2 (high): stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to…
CVE-2009-2682 — CVSS 7.2 (high): Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access…
CVE-2001-0551 — CVSS 7.2 (high): Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the…
CVE-2003-0089 — CVSS 7.2 (high): Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long…
CVE-2002-1615 — CVSS 7.2 (high): Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or…
CVE-2003-1461 — CVSS 7.2 (high): Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable…
CVE-1999-0138 — CVSS 7.2 (high): The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
CVE-2001-0979 — CVSS 7.2 (high): Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line…
CVE-2003-1375 — CVSS 7.2 (high): Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as…
CVE-2003-1360 — CVSS 7.2 (high): Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to…
CVE-2001-1181 — CVSS 7.2 (high): Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to…
CVE-2001-1182 — CVSS 7.2 (high): Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
CVE-2001-1198 — CVSS 7.2 (high): RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the…
CVE-2003-1359 — CVSS 7.2 (high): Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
CVE-2003-1358 — CVSS 7.2 (high): rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised…
CVE-1999-0131 — CVSS 7.2 (high): Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVE-2003-1356 — CVSS 7.2 (high): The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or…
CVE-2003-1098 — CVSS 7.2 (high): The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
CVE-2003-1097 — CVSS 7.2 (high): Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l…
CVE-2003-0061 — CVSS 7.2 (high): Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG…
CVE-2003-0840 — CVSS 7.2 (high): Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long…
CVE-2002-1618 — CVSS 7.2 (high): JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow…
CVE-2002-0678 — CVSS 7.2 (high): CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file…
CVE-1999-0127 — CVSS 7.2 (high): swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root…
CVE-2002-2363 — CVSS 7.2 (high): VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.
CVE-2003-0333 — CVSS 7.2 (high): Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to…
CVE-2002-1612 — CVSS 7.2 (high): Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
CVE-2015-2126 — CVSS 7.2 (high): Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions.
CVE-2002-1406 — CVSS 7.2 (high): Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
CVE-1999-1146 — CVSS 7.2 (high): Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain…
CVE-1999-1161 — CVSS 7.2 (high): Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
CVE-1999-1145 — CVSS 7.2 (high): Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.
CVE-1999-1144 — CVSS 7.2 (high): Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.
CVE-2006-0436 — CVSS 7.2 (high): Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
CVE-1999-1139 — CVSS 7.2 (high): Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root…
CVE-1999-1247 — CVSS 7.2 (high): Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.
CVE-2006-5091 — CVSS 7.2 (high): Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized…
CVE-2006-3335 — CVSS 7.2 (high): Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack…
CVE-2006-2574 — CVSS 7.2 (high): Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain…
CVE-2006-1689 — CVSS 7.2 (high): Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access.
CVE-1999-1135 — CVSS 7.2 (high): Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438.
CVE-2007-0396 — CVSS 7.1 (high): Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial…
CVE-2007-4125 — CVSS 7.1 (high): Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31…
CVE-2008-0713 — CVSS 6.8 (medium): Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of…
CVE-2009-0207 — CVSS 6.8 (medium): Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File…
CVE-2010-2712 — CVSS 6.8 (medium): Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via…
CVE-2010-4108 — CVSS 6.8 (medium): HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a…
CVE-2011-0896 — CVSS 6.8 (medium): Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of…
CVE-2011-2398 — CVSS 6.8 (medium): Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a…
CVE-2014-7874 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on…
CVE-2004-0952 — CVSS 6.4 (medium): HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable…
CVE-2008-1660 — CVSS 6.3 (medium): Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories…
CVE-2013-6200 — CVSS 6.2 (medium): Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via…
CVE-1999-0961 — CVSS 6.2 (medium): HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
CVE-2009-0719 — CVSS 6.0 (medium): Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories…
CVE-2016-2775 — CVSS 5.9 (medium): ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows…
CVE-2012-0126 — CVSS 5.8 (medium): Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic…
CVE-2004-2753 — CVSS 5.6 (medium): Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a…
CVE-2023-30903 — CVSS 5.5 (medium): HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
CVE-2000-0972 — CVSS 5.5 (medium): HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the…
CVE-2004-0594 — CVSS 5.1 (medium): The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is…
CVE-2006-4188 — CVSS 5.0 (medium): Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of…
CVE-2004-0112 — CVSS 5.0 (medium): The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of…
CVE-2004-0809 — CVSS 5.0 (medium): The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain…
CVE-2002-2262 — CVSS 5.0 (medium): Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown…
CVE-1999-0513 — CVSS 5.0 (medium): ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVE-2001-1244 — CVSS 5.0 (medium): Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the…
CVE-2000-0251 — CVSS 5.0 (medium): HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
CVE-2000-0095 — CVSS 5.0 (medium): The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response…
CVE-2001-1124 — CVSS 5.0 (medium): rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap…
CVE-2002-0585 — CVSS 5.0 (medium): Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.
CVE-2004-0081 — CVSS 5.0 (medium): OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service…
CVE-2001-0106 — CVSS 5.0 (medium): Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a…
CVE-2003-1087 — CVSS 5.0 (medium): Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and…
CVE-2005-0364 — CVSS 5.0 (medium): Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.
CVE-2002-2138 — CVSS 5.0 (medium): RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a…
CVE-2005-1192 — CVSS 5.0 (medium): Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to…