Hp Ux

By the Year

In 2022 there have been 0 vulnerabilities in Hp Ux. Hp Ux did not have any published security vulnerabilities last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 0               | 0.00          |
| 2021 | 0               | 0.00          |
| 2020 | 0               | 0.00          |
| 2019 | 1               | 7.50          |
| 2018 | 0               | 0.00          |

It may take a day or so for new Hp Ux vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Hp Ux Security Vulnerabilities

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks

CVE-2018-5740 7.5 - High - January 16, 2019

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

assertion failure

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request

CVE-2016-2775 5.9 - Medium - July 19, 2016

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

Improper Input Validation

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5

CVE-2014-2490 - July 17, 2014

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51

CVE-2014-2413 - April 16, 2014

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51

CVE-2014-2420 - April 16, 2014

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51

CVE-2014-2422 - April 16, 2014

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51

CVE-2014-2423 - April 16, 2014

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51

CVE-2014-2428 - April 16, 2014

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents

CVE-2004-0940 - February 09, 2005

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

Buffer Overflow

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake

CVE-2004-0079 - November 23, 2004

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which

CVE-2004-0081 - November 23, 2004

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake

CVE-2004-0112 - November 23, 2004

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location

CVE-2004-0809 - September 16, 2004

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Buffer overflow in HP-UX cstm program

CVE-1999-0307 - December 20, 2000

Buffer overflow in HP-UX cstm program allows local users to gain root privileges.

MC/ServiceGuard and MC/LockManager in HP-UX

CVE-1999-0435 - March 01, 1999

MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.

HP OpenView Omniback

CVE-1999-0333 - August 01, 1998

HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.

A Unix account has a default

CVE-1999-0502 - March 01, 1998

A Unix account has a default, null, blank, or missing password.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack

CVE-1999-0513 - January 05, 1998

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Denial of service of inetd on Linux through SYN and RST packets.

CVE-1999-0216 - November 01, 1997

Denial of service of inetd on Linux through SYN and RST packets.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g

CVE-1999-0097 - October 29, 1997

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

ICMP information such as (1) netmask and (2) timestamp is

CVE-1999-0524 - August 01, 1997

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Information Disclosure

Buffer overflow in Xt library of X Windowing System

CVE-1999-0040 - May 01, 1997

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in xlock program

CVE-1999-0038 - April 26, 1997

Buffer overflow in xlock program allows local users to execute commands as root.

Buffer overflow in xmcd 2.0p12

CVE-1999-0318 - March 01, 1997

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

Buffer overflow of rlogin program using TERM environmental variable.

CVE-1999-0046 - February 06, 1997

Buffer overflow of rlogin program using TERM environmental variable.

An SNMP community name is the default (e.g

CVE-1999-0517 - January 01, 1997

An SNMP community name is the default (e.g. public), null, or missing.

swinstall and swmodify commands in SD-UX package in HP-UX systems

CVE-1999-0127 - December 19, 1996

swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access.

Sendmail allows local users to write to a file and gain group permissions

CVE-1999-0129 - December 03, 1996

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Buffer overflow in HP-UX newgrp program.

CVE-1999-0050 - December 01, 1996

Buffer overflow in HP-UX newgrp program.

Buffer overflow in mstm in HP-UX

CVE-1999-0336 - November 01, 1996

Buffer overflow in mstm in HP-UX allows local users to gain root access.

HP Remote Watch allows a remote user to gain root access.

CVE-1999-0246 - October 01, 1996

HP Remote Watch allows a remote user to gain root access.

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users

CVE-1999-0138 - June 26, 1996

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

pcnfsd (aka rpc.pcnfsd)

CVE-1999-0078 - April 18, 1996

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

HP ypbind allows attackers with root privileges to modify NIS data.

CVE-1999-0312 - January 13, 1993

HP ypbind allows attackers with root privileges to modify NIS data.
