Hp-ux@11.23 Security Vulnerabilities and Issues — Hp-ux@11.23 CVE List

Lucene search

HpHp-ux11.23

49 matches found

CVE•added 2004/12/31 5:0 a.m.•142 views

CVE-2004-0826

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

7.5CVSS7.7AI score0.02995EPSS

CVE•added 2004/11/23 5:0 a.m.•109 views

CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

7.5CVSS7.1AI score0.02058EPSS

CVE•added 2004/11/23 5:0 a.m.•88 views

CVE-2004-0081

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

5CVSS7.2AI score0.02271EPSS

CVE•added 2004/11/23 5:0 a.m.•88 views

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-b...

5CVSS7.2AI score0.00942EPSS

CVE•added 2004/09/17 4:0 a.m.•72 views

CVE-2004-0809

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

5CVSS7.2AI score0.16458EPSS

CVE•added 2005/05/02 4:0 a.m.•64 views

CVE-2005-1192

Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.

5CVSS7.3AI score0.59911EPSS

CVE•added 2005/03/01 5:0 a.m.•60 views

CVE-2004-1029

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using ...

9.3CVSS7.3AI score0.42558EPSS

CVE•added 2008/08/08 7:41 p.m.•57 views

CVE-2008-1664

Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

7.8CVSS6.6AI score0.02728EPSS

CVE•added 2006/03/30 1:6 a.m.•56 views

CVE-2006-1509

/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.

4.9CVSS6AI score0.00078EPSS

CVE•added 2006/07/03 1:5 a.m.•51 views

CVE-2006-3335

Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.

7.2CVSS6.4AI score0.00061EPSS

CVE•added 2005/02/11 5:0 a.m.•49 views

CVE-2005-0364

Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.

5CVSS6.6AI score0.00826EPSS

CVE•added 2007/08/01 4:17 p.m.•49 views

CVE-2007-4125

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors.

7.1CVSS6.6AI score0.00667EPSS

CVE•added 2006/10/23 5:7 p.m.•47 views

CVE-2006-5452

Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.

4.6CVSS7.4AI score0.00211EPSS

CVE•added 2005/01/06 5:0 a.m.•46 views

CVE-2004-1332

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

7.5CVSS9.9AI score0.11894EPSS

CVE•added 2005/09/20 8:3 p.m.•46 views

CVE-2005-2993

Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).

1.7CVSS6.2AI score0.00176EPSS

CVE•added 2005/08/19 4:0 a.m.•45 views

CVE-2004-0952

HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.

6.4CVSS6.7AI score0.01653EPSS

CVE•added 2007/02/14 2:28 a.m.•45 views

CVE-2007-0916

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

4.9CVSS5.9AI score0.00072EPSS

CVE•added 2007/11/14 1:46 a.m.•45 views

CVE-2007-5946

Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.

7.2CVSS6.1AI score0.00053EPSS

CVE•added 2007/12/15 1:46 a.m.•44 views

CVE-2007-6195

Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request.

10CVSS7.9AI score0.28238EPSS

CVE•added 2007/12/24 8:46 p.m.•44 views

CVE-2007-6419

Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

7.8CVSS6.5AI score0.02777EPSS

CVE•added 2005/11/16 7:42 a.m.•42 views

CVE-2005-3565

Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.

7.5CVSS6.8AI score0.04234EPSS

CVE•added 2005/11/23 1:3 a.m.•42 views

CVE-2005-3779

Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.

7.2CVSS6.5AI score0.00064EPSS

CVE•added 2007/01/19 11:28 p.m.•41 views

CVE-2007-0396

Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.

7.1CVSS6.4AI score0.00705EPSS

CVE•added 2007/10/09 6:17 p.m.•41 views

CVE-2007-5302

Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00563EPSS

CVE•added 2007/10/18 12:17 a.m.•41 views

CVE-2007-5536

Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.

4.9CVSS6AI score0.00089EPSS

CVE•added 2005/11/18 9:3 p.m.•40 views

CVE-2005-3670

Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via cer...

7.8CVSS6.9AI score0.2526EPSS

CVE•added 2005/12/08 11:3 a.m.•40 views

CVE-2005-4090

Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.

10CVSS6.7AI score0.02775EPSS

CVE•added 2006/03/17 7:2 p.m.•40 views

CVE-2006-1248

Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended...

4.6CVSS6.4AI score0.00088EPSS

CVE•added 2006/09/15 9:7 p.m.•40 views

CVE-2006-4820

Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

2.1CVSS6.2AI score0.00062EPSS

CVE•added 2006/10/05 4:4 a.m.•40 views

CVE-2006-5151

Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.

10CVSS7.1AI score0.04532EPSS

CVE•added 2007/08/29 1:17 a.m.•40 views

CVE-2007-4590

The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.

3.3CVSS6.5AI score0.00077EPSS

CVE•added 2008/05/21 1:24 p.m.•40 views

CVE-2008-1660

Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.

6.3CVSS6.1AI score0.0006EPSS

CVE•added 2005/02/09 5:0 a.m.•39 views

CVE-2004-0965

stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.

7.2CVSS7AI score0.00059EPSS

CVE•added 2005/01/19 5:0 a.m.•39 views

CVE-2004-1375

Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.

4.6CVSS6.3AI score0.00107EPSS

CVE•added 2006/06/23 8:6 p.m.•39 views

CVE-2006-3201

Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

4.9CVSS6.1AI score0.00075EPSS

CVE•added 2006/08/17 12:4 a.m.•39 views

CVE-2006-4187

Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.

2.1CVSS6.2AI score0.00099EPSS

CVE•added 2006/08/17 12:4 a.m.•38 views

CVE-2006-4188

Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.

5CVSS6.5AI score0.05211EPSS

CVE•added 2006/09/29 8:7 p.m.•38 views

CVE-2006-5091

Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.

7.2CVSS6.9AI score0.00053EPSS

CVE•added 2007/09/20 9:17 p.m.•38 views

CVE-2007-5008

The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.

9CVSS6.8AI score0.01092EPSS

CVE•added 2005/12/17 11:3 a.m.•37 views

CVE-2005-4316

HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

7.8CVSS6.4AI score0.164EPSS

CVE•added 2008/05/13 8:20 p.m.•37 views

CVE-2008-0713

Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.

6.8CVSS6AI score0.00625EPSS

CVE•added 2012/03/28 10:54 a.m.•37 views

CVE-2012-0126

Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.

5.8CVSS6.4AI score0.00843EPSS

CVE•added 2003/12/15 5:0 a.m.•36 views

CVE-2003-0951

Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.

7.5CVSS6.9AI score0.00355EPSS

CVE•added 2006/09/14 9:7 p.m.•36 views

CVE-2006-4795

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.

4.6CVSS6.2AI score0.00048EPSS

CVE•added 2005/02/25 5:0 a.m.•33 views

CVE-2005-0547

Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."

4.6CVSS9.1AI score0.00374EPSS

CVE•added 2005/10/23 9:2 p.m.•32 views

CVE-2005-3295

Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."

2.1CVSS6.2AI score0.00104EPSS

CVE•added 2006/05/24 11:2 p.m.•32 views

CVE-2006-2574

Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.

7.2CVSS6.6AI score0.00104EPSS

CVE•added 2006/06/20 5:2 p.m.•31 views

CVE-2006-3097

Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

4.9CVSS6.2AI score0.00063EPSS

CVE•added 2006/10/27 4:7 p.m.•29 views

CVE-2006-5558

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be...

10CVSS7.2AI score0.03348EPSS