threat
engine
.sh
Back
·
··:··
Home
/
Product
/
hp ux
Product
hp ux
290 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-30903
>= 11.00 and <= 11.31
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
5.5
MEDIUM
CVE-2018-5740
all versions
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding
7.5
HIGH
CVE-2016-2776
all versions
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct
7.5
HIGH
CVE-2016-2775
all versions
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enable
5.9
MEDIUM
CVE-2015-2126
all versions
Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permiss
CVE-2015-4000
all versions
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly conv
3.7
LOW
CVE-2014-7879
all versions
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to byp
CVE-2014-7877
all versions
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
CVE-2014-7874
all versions
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3
CVE-2014-2490
all versions
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentia
CVE-2014-3956
<= b.11.31
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting
CVE-2013-6209
all versions
Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a den
CVE-2013-6200
all versions
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data
CVE-2013-4854
all versions
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, a
CVE-2012-1823
all versions
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly
9.8
CRITICAL
CVE-2012-0131
all versions
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of s
CVE-2012-0126
all versions
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagn
CVE-2012-0125
all versions
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic informati
CVE-2011-2398
all versions
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or
CVE-2011-0896
all versions
Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a d
CVE-2011-0891
all versions
Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of
CVE-2010-4108
all versions
HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to ca
CVE-2010-2712
all versions
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privil
CVE-2010-1032
all versions
Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.
CVE-2010-1030
all versions
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unkn
CVE-2010-0451
all versions
The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf
CVE-2009-2679
all versions
Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service
CVE-2009-2682
all versions
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intende
CVE-2009-1427
all versions
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors rela
CVE-2009-0719
all versions
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and di
CVE-2009-0207
all versions
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERIT
CVE-2009-0418
all versions
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin o
CVE-2008-4418
all versions
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service vi
CVE-2008-4416
all versions
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
CVE-2008-1668
all versions
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfig
CVE-2008-1664
all versions
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown
CVE-2008-1662
all versions
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS,
CVE-2008-1660
all versions
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and direc
CVE-2008-0713
all versions
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a d
CVE-2007-6425
all versions
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via
CVE-2007-6419
all versions
Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of
CVE-2007-6195
all versions
Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, i
CVE-2007-5946
all versions
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to o
CVE-2007-5536
all versions
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denia
CVE-2007-5302
all versions
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31,
CVE-2007-5008
all versions
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers
CVE-2007-4590
all versions
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.1
CVE-2007-4241
all versions
Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to
CVE-2007-4125
all versions
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and
CVE-2007-1994
all versions
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local u
CVE-2007-1993
all versions
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows r
CVE-2007-0916
all versions
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 al
CVE-2007-0915
all versions
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a craf
CVE-2007-0396
all versions
Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause
CVE-2007-0394
all versions
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain
CVE-2006-5558
all versions
Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitr
CVE-2006-5557
all versions
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows loc
CVE-2006-5556
all versions
Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions all
CVE-2006-5452
all versions
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbit
CVE-2006-5151
all versions
Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers
CVE-2006-5091
all versions
Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauth
CVE-2006-4820
all versions
Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of serv
CVE-2006-4795
all versions
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before
CVE-2006-4188
all versions
Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a d
CVE-2006-4187
all versions
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denia
CVE-2006-3335
all versions
Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unkno
CVE-2006-3201
all versions
Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial o
CVE-2006-3097
all versions
Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause
CVE-2006-2574
all versions
Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to
CVE-2006-2551
all versions
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown
CVE-2006-1689
all versions
Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified
CVE-2006-1509
all versions
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," whic
CVE-2006-1389
all versions
Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service
CVE-2006-1248
all versions
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home
CVE-2006-0436
all versions
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vecto
CVE-2005-4451
all versions
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack v
CVE-2005-4316
all versions
HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involve
CVE-2005-4090
all versions
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
CVE-2005-3779
all versions
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
CVE-2005-3670
all versions
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, a
CVE-2005-3565
all versions
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attack
CVE-2005-3564
all versions
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
CVE-2005-3295
all versions
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific
CVE-2005-3277
all versions
The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters
CVE-2005-2993
all versions
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and H
CVE-2005-1192
all versions
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attacke
CVE-2004-1029
all versions
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not pro
CVE-2005-0547
all versions
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "
CVE-2005-0364
all versions
Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.
CVE-2004-0965
all versions
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local us
CVE-2004-0940
all versions
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents
7.8
HIGH
CVE-2004-2753
all versions
Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or caus
CVE-2004-2693
all versions
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local us
CVE-2004-2665
all versions
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.
CVE-2004-1332
all versions
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to exec
CVE-2004-1328
all versions
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
CVE-2004-0952
all versions
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-wr
CVE-2004-0826
all versions
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code v
CVE-2004-1375
all versions
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to
CVE-2004-0112
all versions
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the
CVE-2004-0081
all versions
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of ser
CVE-2004-0079
all versions
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of
7.5
HIGH
CVE-2004-0809
all versions
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a c
CVE-2004-0716
all versions
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitr
CVE-2004-0594
all versions
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_glob
CVE-2004-1764
all versions
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unk
CVE-2003-1461
all versions
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor
CVE-2003-1375
all versions
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large
CVE-2003-1374
all versions
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-
CVE-2003-1360
all versions
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users
CVE-2003-1359
all versions
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argu
CVE-2003-1358
all versions
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at
CVE-2003-1356
all versions
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain a
CVE-2003-1098
all versions
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
CVE-2003-1097
all versions
Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a
CVE-2003-1087
all versions
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11
CVE-2003-0951
all versions
Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allo
CVE-2003-0914
all versions
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that
CVE-2003-0089
all versions
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code v
CVE-2003-0840
all versions
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges vi
CVE-2003-0694
all versions
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstr
CVE-2003-0681
all versions
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final
CVE-2003-0333
all versions
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local
CVE-2003-0201
all versions
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and
CVE-2003-0196
all versions
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service
CVE-2002-1473
all versions
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and p
CVE-2002-1409
all versions
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect refe
CVE-2002-1406
all versions
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
CVE-2003-0161
all versions
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions
CVE-2003-0028
all versions
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries
CVE-2002-1337
all versions
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields,
CVE-2003-0064
all versions
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert i
CVE-2002-2363
all versions
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.
CVE-2002-2270
all versions
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data"
CVE-2002-2262
all versions
Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via un
CVE-2002-2138
all versions
RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to caus
CVE-2002-1794
all versions
Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute
CVE-2002-1668
all versions
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is
CVE-2002-1317
all versions
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a
CVE-2002-1618
all versions
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could
CVE-2002-0992
all versions
Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial
CVE-2002-1615
all versions
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msg
CVE-2002-1612
all versions
Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
CVE-2002-1613
all versions
Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
CVE-2002-1614
all versions
Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.
CVE-2002-0679
all versions
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to exec
CVE-2002-1605
all versions
Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSE
CVE-2002-1604
all versions
Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH
CVE-2002-1608
all versions
Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
CVE-2002-1607
all versions
Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
CVE-2002-1611
all versions
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
CVE-2002-1610
all versions
Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.
CVE-2002-1609
all versions
Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
CVE-2002-1606
all versions
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain privileges via (1) lpc, (2) l
CVE-2002-0798
all versions
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directl
CVE-2002-0678
all versions
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction
CVE-2002-0677
all versions
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibl
CVE-2002-0585
all versions
Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.
CVE-2002-0577
all versions
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
CVE-2002-0279
all versions
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial o
CVE-2003-0061
all versions
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG
CVE-2001-1564
all versions
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after
CVE-2001-1509
all versions
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could all
CVE-2001-1198
all versions
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target fil
CVE-2001-0797
all versions
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a l
CVE-2001-0817
all versions
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary fi
CVE-2001-0809
all versions
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows l
CVE-2001-0772
<= 11.11
Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow
CVE-2001-1124
all versions
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portm
CVE-2001-0668
all versions
Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary comma
CVE-2001-1136
all versions
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
CVE-2001-0979
all versions
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command l
CVE-2001-0978
all versions
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force pa
CVE-2001-0607
<= 11.00
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional pr
CVE-2001-1264
all versions
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privil
CVE-2001-1182
all versions
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain p
CVE-2001-1181
all versions
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local
CVE-2001-1244
all versions
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting t
CVE-2001-0488
all versions
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
CVE-2001-0379
all versions
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher acce
CVE-2001-0249
all versions
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and cal
9.8
CRITICAL
CVE-2001-0248
all versions
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and cal
9.8
CRITICAL
CVE-2001-1256
all versions
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the
CVE-2001-0311
<= 11
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
CVE-2001-0551
all versions
Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard
CVE-2001-0266
<= 11.00
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
CVE-2001-0219
<= 11.11
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
CVE-2001-1439
all versions
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local use
CVE-2001-0106
<= 11.04
Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is u
CVE-2001-0105
all versions
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
CVE-2001-0085
all versions
Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and po
CVE-2000-1134
all versions
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processin
CVE-2000-1127
all versions
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original regist
CVE-2000-1126
all versions
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or caus
CVE-1999-0307
all versions
Buffer overflow in HP-UX cstm program allows local users to gain root privileges.
CVE-2000-0972
all versions
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during t
5.5
MEDIUM
CVE-2000-0966
all versions
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.
CVE-2000-1031
all versions
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a lon
CVE-2000-1028
all versions
Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.
CVE-2000-0801
all versions
Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
CVE-2000-0730
all versions
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
CVE-2000-0702
all versions
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that poi
CVE-2000-0699
all versions
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary comma
CVE-2000-0573
all versions
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attacke
CVE-2000-0515
all versions
The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify
CVE-2000-0468
all versions
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
CVE-2000-0414
all versions
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variabl
CVE-2000-0083
all versions
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of serv
CVE-2000-0251
all versions
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
CVE-1999-0693
all versions
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
CVE-2000-0159
all versions
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank a
CVE-2000-0095
all versions
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in r
CVE-2000-0078
all versions
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which ase
CVE-2000-0077
all versions
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which
CVE-1999-1573
all versions
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec,
CVE-1999-0707
all versions
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without auth
CVE-1999-0696
all versions
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
CVE-1999-0690
all versions
HP CDE program includes the current directory in root's PATH variable.
CVE-1999-0688
all versions
Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.
CVE-1999-0686
all versions
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.
CVE-1999-0479
all versions
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
CVE-1999-0436
all versions
Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.
CVE-1999-0435
all versions
MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.
CVE-1999-0432
all versions
ftp on HP-UX 11.00 allows local users to gain privileges.
CVE-1999-1247
all versions
Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.
CVE-1999-0353
all versions
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
CVE-2000-0005
all versions
HP-UX aserver program allows local users to gain privileges via a symlink attack.
CVE-1999-0057
all versions
Vacation program allows command execution by remote users through a sendmail command.
CVE-1999-0779
all versions
Denial of service in HP-UX SharedX recserv program.
CVE-1999-0333
all versions
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink
CVE-1999-1136
<= 11.00
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer fo
CVE-1999-0008
all versions
Buffer overflow in NIS+, in Sun's rpc.nisd program.
CVE-1999-0003
all versions
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
CVE-1999-0502
all versions
A Unix account has a default, null, blank, or missing password.
CVE-1999-0014
all versions
Unauthorized privileged access or denial of service via dtappgather program in CDE.
CVE-1999-0513
all versions
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVE-1999-0104
all versions
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
CVE-1999-0015
all versions
Teardrop IP denial of service.
CVE-1999-0016
all versions
Land IP denial of service.
CVE-1999-0216
all versions
Denial of service of inetd on Linux through SYN and RST packets.
CVE-1999-0097
all versions
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
CVE-1999-1213
all versions
Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service.
CVE-1999-0326
all versions
Vulnerability in HP-UX mediainit program.
CVE-1999-1139
<= 11.00
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root
CVE-1999-1133
all versions
HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4)
CVE-1999-0524
all versions
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
4.0
MEDIUM
CVE-1999-1308
all versions
Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local
CVE-1999-0962
all versions
Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.
CVE-1999-0040
all versions
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVE-1999-0038
all versions
Buffer overflow in xlock program allows local users to execute commands as root.
8.4
HIGH
CVE-1999-1408
all versions
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to c
CVE-1999-0318
all versions
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
CVE-1999-0046
all versions
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-1160
all versions
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
CVE-1999-0309
all versions
HP-UX vgdisplay program gives root access to local users.
CVE-1999-1144
all versions
Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.
CVE-1999-1088
<= 10.02
Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges.
CVE-1999-1311
all versions
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
CVE-1999-1145
<= 10.20
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain p
CVE-1999-1249
all versions
movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.
CVE-1999-0517
all versions
An SNMP community name is the default (e.g. public), null, or missing.
5.9
MEDIUM
CVE-1999-1251
all versions
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
CVE-1999-0127
all versions
swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain
CVE-1999-1089
<= 10.20
Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument.
CVE-1999-0129
all versions
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
CVE-1999-0050
all versions
Buffer overflow in HP-UX newgrp program.
CVE-1999-0130
all versions
Local users can start Sendmail in daemon mode and gain root privileges.
CVE-1999-1161
<= 10
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
CVE-1999-0336
all versions
Buffer overflow in mstm in HP-UX allows local users to gain root access.
CVE-1999-0311
all versions
fpkg2swpk in HP-UX allows local users to gain root access.
CVE-1999-0308
all versions
HP-UX gwind program allows users to modify arbitrary files.
CVE-1999-0246
all versions
HP Remote Watch allows a remote user to gain root access.
CVE-1999-0961
all versions
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
CVE-1999-0131
all versions
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVE-1999-0324
all versions
ppl program in HP-UX allows local users to create root files through symlinks.
CVE-1999-0132
all versions
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
CVE-1999-0022
all versions
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
7.8
HIGH
CVE-1999-0138
all versions
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
CVE-1999-1205
all versions
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying crit
CVE-1999-0078
all versions
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC
CVE-1999-0325
all versions
vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.
CVE-1999-1248
<= 9.00
Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.
CVE-1999-1238
<= 9.05
Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges.
CVE-1999-1239
all versions
HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X d
CVE-1999-0423
all versions
Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.
CVE-1999-1134
all versions
Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.
CVE-1999-1146
<= 9
Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and
CVE-1999-1135
all versions
Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438.
CVE-1999-1242
all versions
Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.
CVE-1999-0312
all versions
HP ypbind allows attackers with root privileges to modify NIS data.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin