DATE CVE VULNERABILITY TITLE RISK
2002-09-02 CVE-2002-1604 Local Buffer Overflow vulnerability in HP Tru64 NLSPATH Environment Variable
Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
network
low complexity
hp
7.5
2002-08-12 CVE-2002-0763 Unspecified vulnerability in HP Virtualvault 4.5
Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
network
low complexity
hp
7.5
2002-08-01 CVE-2002-1616 Local Privilege Escalation vulnerability in Tru64 CHSH
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
local
low complexity
hp
7.2
2002-07-23 CVE-2002-0678 Symbolic Link vulnerability in Multiple Vendor CDE ToolTalk Database Server
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
local
low complexity
caldera xi-graphics sgi compaq hp ibm sun
7.2
2002-07-23 CVE-2002-0677 CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
network
low complexity
caldera xi-graphics sgi compaq hp ibm sun
7.5
2002-06-25 CVE-2002-0350 Denial of Service vulnerability in HP ProCurve Switch
HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
network
low complexity
hp
7.8
2002-06-18 CVE-2002-0610 Unspecified vulnerability in HP MPE IX 6.0/6.5/7.0
Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.
network
low complexity
hp
7.5
2002-05-29 CVE-2002-0250 Authentication Bypass vulnerability in HP AdvanceStack Switch
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
network
low complexity
hp
7.5
2002-03-19 CVE-2002-0076 Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
network
low complexity
hp microsoft sun
7.5
2002-01-11 CVE-2003-0061 Local Security vulnerability in HP Hp-Ux 10.20
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.
local
low complexity
hp
7.2