|
|
HP : Security Vulnerabilities (CVSS score between 1 and 1.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2014-3956 |
200 |
|
+Info |
2014-06-04 |
2017-12-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. |
|
2 |
CVE-2014-2603 |
|
|
+Info |
2014-05-09 |
2014-05-12 |
1.7 |
None |
Remote |
High |
Multiple systems |
Partial |
None |
None |
|
Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors. |
|
3 |
CVE-2013-4829 |
200 |
|
+Info |
2013-10-04 |
2013-10-08 |
1.5 |
None |
Local |
Medium |
Single system |
Partial |
None |
None |
|
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors. |
|
4 |
CVE-2013-0200 |
59 |
|
|
2013-03-06 |
2014-02-06 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. |
|
5 |
CVE-2011-3163 |
200 |
|
+Info |
2011-10-23 |
2012-02-13 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors. |
|
6 |
CVE-2011-2722 |
59 |
|
|
2012-05-25 |
2013-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. |
|
7 |
CVE-2007-4179 |
|
|
DoS |
2007-08-07 |
2017-09-28 |
1.5 |
None |
Local |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details. |
|
8 |
CVE-2005-2993 |
|
|
DoS |
2005-09-20 |
2018-10-19 |
1.7 |
None |
Local |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang). |
|
9 |
CVE-2001-1256 |
|
|
|
2001-06-11 |
2017-12-18 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. |
|
10 |
CVE-1999-0078 |
|
|
Exec Code |
1996-04-18 |
2018-10-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
Total number of vulnerabilities : 10
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
