Total
433 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0333 | 1 Hp | 1 Hp-ux | 2017-07-10 | 7.2 HIGH | N/A |
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085. | |||||
CVE-2002-1611 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-10 | 4.6 MEDIUM | N/A |
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. | |||||
CVE-2002-1612 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-10 | 7.2 HIGH | N/A |
Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. | |||||
CVE-2002-1668 | 1 Hp | 3 Hp-ux, Hp-ux Series 700, Hp-ux Series 800 | 2017-07-10 | 2.1 LOW | N/A |
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file. | |||||
CVE-2002-1615 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-10 | 7.2 HIGH | N/A |
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader. | |||||
CVE-2002-1613 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-10 | 7.2 HIGH | N/A |
Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. | |||||
CVE-2016-8963 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-13 | 2.1 LOW | 5.5 MEDIUM |
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | |||||
CVE-2016-8961 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-13 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
CVE-2016-8966 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-13 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
CVE-2016-8981 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-13 | 2.1 LOW | 5.5 MEDIUM |
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | |||||
CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-13 | 7.5 HIGH | 8.1 HIGH |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | |||||
CVE-2016-8977 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-13 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. | |||||
CVE-2016-8967 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-09 | 2.1 LOW | 5.5 MEDIUM |
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | |||||
CVE-2015-2126 | 1 Hp | 1 Hp-ux | 2016-12-27 | 7.2 HIGH | N/A |
Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. | |||||
CVE-2016-2016 | 1 Hp | 4 Base-vxfs-50, Base-vxfs-501, Base-vxfs-51 and 1 more | 2016-11-30 | 2.1 LOW | 5.5 MEDIUM |
Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory. | |||||
CVE-2005-1771 | 1 Hp | 1 Hp-ux | 2016-10-17 | 7.5 HIGH | N/A |
Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t. | |||||
CVE-2003-0840 | 1 Hp | 1 Hp-ux | 2016-10-17 | 7.2 HIGH | N/A |
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable. | |||||
CVE-1999-1408 | 2 Hp, Ibm | 2 Hp-ux, Aix | 2016-10-17 | 2.1 LOW | N/A |
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost. | |||||
CVE-1999-1161 | 1 Hp | 1 Hp-ux | 2016-10-17 | 7.2 HIGH | N/A |
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. | |||||
CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2016-10-17 | 10.0 HIGH | N/A |
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. |