HP-UX
By the Year
In 2023 there has been 1 vulnerability in HP-UX with an average score of 5.5 out of ten. HP-UX did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2023 compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 1 | 5.50 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 7.50 |
2018 | 0 | 0.00 |
It may take a day or so for new HP-UX vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent HP-UX Security Vulnerabilities
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
CVE-2023-30903
5.5 - Medium
- June 16, 2023
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks
CVE-2018-5740
7.5 - High
- January 16, 2019
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
assertion failure
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request
CVE-2016-2775
5.9 - Medium
- July 19, 2016
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
Improper Input Validation
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5
CVE-2014-2490
- July 17, 2014
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51
CVE-2014-2413
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51
CVE-2014-2420
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51
CVE-2014-2422
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51
CVE-2014-2423
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51
CVE-2014-2428
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents
CVE-2004-0940
- February 09, 2005
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
Buffer Overflow
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which
CVE-2004-0081
- November 23, 2004
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake
CVE-2004-0112
- November 23, 2004
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake
CVE-2004-0079
- November 23, 2004
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location
CVE-2004-0809
- September 16, 2004
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Buffer overflow in HP-UX cstm program
CVE-1999-0307
- December 20, 2000
Buffer overflow in HP-UX cstm program allows local users to gain root privileges.
MC/ServiceGuard and MC/LockManager in HP-UX
CVE-1999-0435
- March 01, 1999
MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.
HP OpenView Omniback
CVE-1999-0333
- August 01, 1998
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.
A Unix account has a default
CVE-1999-0502
- March 01, 1998
A Unix account has a default, null, blank, or missing password.
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack
CVE-1999-0513
- January 05, 1998
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
Denial of service of inetd on Linux through SYN and RST packets.
CVE-1999-0216
- November 01, 1997
Denial of service of inetd on Linux through SYN and RST packets.
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g
CVE-1999-0097
- October 29, 1997
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
ICMP information such as (1) netmask and (2) timestamp is
CVE-1999-0524
- August 01, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Information Disclosure
Buffer overflow in Xt library of X Windowing System
CVE-1999-0040
- May 01, 1997
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
Buffer overflow in xlock program
CVE-1999-0038
- April 26, 1997
Buffer overflow in xlock program allows local users to execute commands as root.
Buffer overflow in xmcd 2.0p12
CVE-1999-0318
- March 01, 1997
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-0046
- February 06, 1997
Buffer overflow of rlogin program using TERM environmental variable.
An SNMP community name is the default (e.g
CVE-1999-0517
- January 01, 1997
An SNMP community name is the default (e.g. public), null, or missing.
swinstall and swmodify commands in SD-UX package in HP-UX systems
CVE-1999-0127
- December 19, 1996
swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access.
Sendmail allows local users to write to a file and gain group permissions
CVE-1999-0129
- December 03, 1996
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Buffer overflow in HP-UX newgrp program.
CVE-1999-0050
- December 01, 1996
Buffer overflow in HP-UX newgrp program.
Buffer overflow in mstm in HP-UX
CVE-1999-0336
- November 01, 1996
Buffer overflow in mstm in HP-UX allows local users to gain root access.
HP Remote Watch allows a remote user to gain root access.
CVE-1999-0246
- October 01, 1996
HP Remote Watch allows a remote user to gain root access.
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users
CVE-1999-0138
- June 26, 1996
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
pcnfsd (aka rpc.pcnfsd)
CVE-1999-0078
- April 18, 1996
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
HP ypbind allows attackers with root privileges to modify NIS data.
CVE-1999-0312
- January 13, 1993
HP ypbind allows attackers with root privileges to modify NIS data.