| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. |
| Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors. |
| Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges. |
| The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. |
| Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges. |
| stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs. |
| login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program. |
| Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. |
| HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. |
| Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. |
| The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. |
| Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. |
| Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. |
| vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. |
| swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access. |
| Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). |
| Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges. |