| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. |
| Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. |
| Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. |
| The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. |
| Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges. |
| ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. |
| hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop. |
| Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file. |
| Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges. |
| Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges. |
| Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges. |
| HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100. |
| HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). |
| Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. |
| nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. |
| Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. |
| Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. |
| HP Remote Watch allows a remote user to gain root access. |
| Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument. |
| Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. |
