Vulnerabilities > HP > HP UX
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-11-04 | CVE-2008-4413 | Permissions, Privileges, and Access Controls vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions. | 6.2 |
2008-08-13 | CVE-2008-1668 | Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux 11.11 ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information. | 10.0 |
2008-08-08 | CVE-2008-1664 | Remote Denial Of Service vulnerability in HP-UX 'libc' Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2008-08-05 | CVE-2008-3389 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingres 2.6/2006 Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. | 4.6 |
2008-08-05 | CVE-2008-3357 | Permissions, Privileges, and Access Controls vulnerability in multiple products Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. | 7.2 |
2008-08-01 | CVE-2008-1662 | Configuration vulnerability in HP Hp-Ux and System Administration Manager Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list." | 10.0 |
2008-05-21 | CVE-2008-1660 | Unspecified vulnerability in HP Hp-Ux 11.11/11.23/11.31 Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors. local hp | 6.3 |
2008-05-13 | CVE-2008-0713 | Remote Denial of Service vulnerability in HP Hp-Ux 11.11/11.23/11.31 Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors. | 6.8 |
2008-05-08 | CVE-2008-1659 | Local Unauthorized Access vulnerability in HP-UX LDAP-UX Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. | 7.2 |
2008-04-07 | CVE-2008-0709 | Permissions, Privileges, and Access Controls vulnerability in HP Select Identity Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | 5.5 |