Hp Ux
By the Year
In 2023 there have been 1 vulnerability in Hp Ux with an average score of 5.5 out of ten. Hp Ux did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 5.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Hp Ux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hp Ux Security Vulnerabilities
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
CVE-2023-30903
5.5 - Medium
- June 16, 2023
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks
CVE-2018-5740
7.5 - High
- January 16, 2019
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
assertion failure
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request
CVE-2016-2775
5.9 - Medium
- July 19, 2016
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
Improper Input Validation
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5
CVE-2014-2490
- July 17, 2014
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51
CVE-2014-2413
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51
CVE-2014-2420
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51
CVE-2014-2422
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51
CVE-2014-2423
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51
CVE-2014-2428
- April 16, 2014
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents
CVE-2004-0940
- February 09, 2005
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
Buffer Overflow
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which
CVE-2004-0081
- November 23, 2004
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake
CVE-2004-0112
- November 23, 2004
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake
CVE-2004-0079
- November 23, 2004
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location
CVE-2004-0809
- September 16, 2004
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Buffer overflow in HP-UX cstm program
CVE-1999-0307
- December 20, 2000
Buffer overflow in HP-UX cstm program allows local users to gain root privileges.
MC/ServiceGuard and MC/LockManager in HP-UX
CVE-1999-0435
- March 01, 1999
MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.
HP OpenView Omniback
CVE-1999-0333
- August 01, 1998
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.
A Unix account has a default
CVE-1999-0502
- March 01, 1998
A Unix account has a default, null, blank, or missing password.
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack
CVE-1999-0513
- January 05, 1998
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
Denial of service of inetd on Linux through SYN and RST packets.
CVE-1999-0216
- November 01, 1997
Denial of service of inetd on Linux through SYN and RST packets.
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g
CVE-1999-0097
- October 29, 1997
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
ICMP information such as (1) netmask and (2) timestamp is
CVE-1999-0524
- August 01, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Information Disclosure
Buffer overflow in Xt library of X Windowing System
CVE-1999-0040
- May 01, 1997
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
Buffer overflow in xlock program
CVE-1999-0038
- April 26, 1997
Buffer overflow in xlock program allows local users to execute commands as root.
Buffer overflow in xmcd 2.0p12
CVE-1999-0318
- March 01, 1997
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-0046
- February 06, 1997
Buffer overflow of rlogin program using TERM environmental variable.
An SNMP community name is the default (e.g
CVE-1999-0517
- January 01, 1997
An SNMP community name is the default (e.g. public), null, or missing.
swinstall and swmodify commands in SD-UX package in HP-UX systems
CVE-1999-0127
- December 19, 1996
swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access.
Sendmail allows local users to write to a file and gain group permissions
CVE-1999-0129
- December 03, 1996
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Buffer overflow in HP-UX newgrp program.
CVE-1999-0050
- December 01, 1996
Buffer overflow in HP-UX newgrp program.
Buffer overflow in mstm in HP-UX
CVE-1999-0336
- November 01, 1996
Buffer overflow in mstm in HP-UX allows local users to gain root access.
HP Remote Watch allows a remote user to gain root access.
CVE-1999-0246
- October 01, 1996
HP Remote Watch allows a remote user to gain root access.
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users
CVE-1999-0138
- June 26, 1996
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
pcnfsd (aka rpc.pcnfsd)
CVE-1999-0078
- April 18, 1996
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
HP ypbind allows attackers with root privileges to modify NIS data.
CVE-1999-0312
- January 13, 1993
HP ypbind allows attackers with root privileges to modify NIS data.
