HP Security Vulnerabilities

cve
cve

CVE-2002-1406

Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected...

7 AI Score

0.001 EPSS

2003-04-11 04:00 AM
21

CVE-2002-1409

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register...

6.6 AI Score

0.0004 EPSS

2003-04-11 04:00 AM
26

CVE-2002-1426

HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer...

7.4 AI Score

0.043 EPSS

2003-04-11 04:00 AM
20

CVE-2002-0076

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier,.....

7.2 AI Score

0.008 EPSS

2003-04-02 05:00 AM
17

CVE-2002-0250

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the...

7.2 AI Score

0.016 EPSS

2003-04-02 05:00 AM
21

CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing...

7.6 AI Score

0.902 EPSS

2003-04-02 05:00 AM
62

CVE-2002-0678

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC...

6.2 AI Score

0.007 EPSS

2003-04-02 05:00 AM
28

CVE-2002-0638

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in...

6.4 AI Score

0.004 EPSS

2003-04-02 05:00 AM
28

CVE-2002-0679

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE...

7.9 AI Score

0.017 EPSS

2003-04-02 05:00 AM
34

CVE-2001-0978

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb...

7.1 AI Score

0.004 EPSS

2003-04-02 05:00 AM
20

CVE-2003-0085

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary...

7.5 AI Score

0.963 EPSS

2003-03-31 05:00 AM
42

CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a...

9.8 AI Score

0.968 EPSS

2003-03-25 05:00 AM
45

CVE-2002-0711

Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of...

6.5 AI Score

0.013 EPSS

2002-11-12 05:00 AM
26

CVE-2002-0992

Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal...

6.9 AI Score

0.001 EPSS

2002-10-04 04:00 AM
16

CVE-2002-1048

HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable...

6.9 AI Score

0.08 EPSS

2002-10-04 04:00 AM
32

CVE-2002-0991

Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u...

7.2 AI Score

0.0004 EPSS

2002-10-04 04:00 AM
19

CVE-2002-0993

Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted...

6.8 AI Score

0.001 EPSS

2002-10-04 04:00 AM
22

CVE-2002-1134

Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged...

6.5 AI Score

0.002 EPSS

2002-10-04 04:00 AM
17

CVE-2002-0529

HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan...

7 AI Score

0.0004 EPSS

2002-08-12 04:00 AM
19

CVE-2002-0798

Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of...

6.5 AI Score

0.0004 EPSS

2002-08-12 04:00 AM
16

CVE-2002-0763

Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the...

7.1 AI Score

0.003 EPSS

2002-08-12 04:00 AM
21

CVE-2002-0677

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE...

6.8 AI Score

0.008 EPSS

2002-07-23 04:00 AM
46

CVE-2002-0350

HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet...

7.1 AI Score

0.01 EPSS

2002-06-25 04:00 AM
21

CVE-2001-1162

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log...

6.5 AI Score

0.019 EPSS

2002-06-25 04:00 AM
22

CVE-2001-0981

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different...

7.1 AI Score

0.004 EPSS

2002-06-25 04:00 AM
26

CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and...

7.4 AI Score

0.972 EPSS

2002-06-25 04:00 AM
119

CVE-2002-0577

Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of...

6.4 AI Score

0.0004 EPSS

2002-06-18 04:00 AM
19

CVE-2002-0609

Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP...

6.8 AI Score

0.002 EPSS

2002-06-18 04:00 AM
20

CVE-2002-0610

Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain...

6.8 AI Score

0.015 EPSS

2002-06-18 04:00 AM
20

CVE-2002-0585

Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of...

6.5 AI Score

0.003 EPSS

2002-06-18 04:00 AM
27

CVE-2002-0279

The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain...

6.6 AI Score

0.0004 EPSS

2002-05-31 04:00 AM
26

CVE-2001-1256

kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary...

6.4 AI Score

0.0004 EPSS

2002-05-03 04:00 AM
27

CVE-2001-1264

Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate...

6.5 AI Score

0.014 EPSS

2002-05-03 04:00 AM
23

CVE-2001-1244

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network...

7.1 AI Score

0.012 EPSS

2002-05-03 04:00 AM
23

CVE-2001-1123

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object...

7.6 AI Score

0.0004 EPSS

2002-03-15 05:00 AM
28

CVE-2001-1182

Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain...

7.2 AI Score

0.0004 EPSS

2002-03-15 05:00 AM
18

CVE-2001-1198

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L...

7 AI Score

0.0004 EPSS

2002-03-15 05:00 AM
32

CVE-2001-1181

Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain...

6.8 AI Score

0.0004 EPSS

2002-03-15 05:00 AM
18

CVE-2001-1136

The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of...

6.8 AI Score

0.001 EPSS

2002-03-15 05:00 AM
22

CVE-2001-1124

rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via malformed RPC portmap requests, possibly related to a buffer...

6.9 AI Score

0.014 EPSS

2002-03-15 05:00 AM
26

CVE-2001-0668

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary...

7.6 AI Score

0.034 EPSS

2002-03-09 05:00 AM
26

CVE-2001-0629

HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the '-restore_config' command line...

7.8 AI Score

0.01 EPSS

2002-03-09 05:00 AM
24

CVE-2000-0699

Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS...

7.6 AI Score

0.021 EPSS

2002-03-09 05:00 AM
31

CVE-1999-1163

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP)...

7.3 AI Score

0.01 EPSS

2002-03-09 05:00 AM
18

CVE-2001-0551

Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help...

7.5 AI Score

0.0004 EPSS

2002-02-18 05:00 AM
21

CVE-2001-1040

HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the...

7.3 AI Score

0.003 EPSS

2002-02-02 05:00 AM
20

CVE-2001-1039

The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the...

7.5 AI Score

0.004 EPSS

2002-02-02 05:00 AM
32

CVE-2001-0979

Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line...

7 AI Score

0.0004 EPSS

2002-02-02 05:00 AM
22

CVE-2001-0976

Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment...

7 AI Score

0.0004 EPSS

2002-02-02 05:00 AM
17

CVE-2001-0809

Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain...

6.4 AI Score

0.0004 EPSS

2001-12-06 05:00 AM
19

Total number of security vulnerabilities: 2365