# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-23700 |
863 |
|
|
2022-04-04 |
2022-04-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
2 |
CVE-2022-23456 |
|
|
|
2022-01-28 |
2022-02-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. |
3 |
CVE-2021-39237 |
|
|
|
2021-11-03 |
2021-11-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. |
4 |
CVE-2019-19539 |
522 |
|
|
2020-01-27 |
2020-02-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. |
5 |
CVE-2019-16285 |
200 |
|
+Info |
2019-11-22 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. |
6 |
CVE-2019-7317 |
416 |
|
|
2019-02-04 |
2022-05-23 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. |
7 |
CVE-2019-6331 |
200 |
|
+Info |
2020-01-09 |
2020-01-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information. |
8 |
CVE-2019-2786 |
|
|
|
2019-07-23 |
2022-10-06 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). |
9 |
CVE-2019-2766 |
|
|
|
2019-07-23 |
2022-10-06 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
10 |
CVE-2019-2422 |
|
|
|
2019-01-16 |
2022-10-06 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
11 |
CVE-2018-15532 |
200 |
|
+Info |
2019-03-21 |
2019-03-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. |
12 |
CVE-2018-7099 |
|
|
|
2018-08-14 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. |
13 |
CVE-2018-7073 |
668 |
|
|
2018-08-06 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. |
14 |
CVE-2018-3139 |
|
|
|
2018-10-17 |
2022-06-27 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
15 |
CVE-2018-3136 |
|
|
|
2018-10-17 |
2022-06-27 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). |
16 |
CVE-2018-2790 |
|
|
|
2018-04-19 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). |
17 |
CVE-2018-2641 |
|
|
|
2018-01-18 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). |
18 |
CVE-2018-2629 |
|
|
|
2018-01-18 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). |
19 |
CVE-2017-8950 |
200 |
|
+Info |
2018-02-15 |
2018-03-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. |
20 |
CVE-2017-8949 |
|
|
|
2018-02-15 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. |
21 |
CVE-2017-2752 |
254 |
|
|
2019-03-27 |
2019-04-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. |
22 |
CVE-2017-2744 |
200 |
|
+Info |
2018-01-23 |
2018-02-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. |
23 |
CVE-2016-2107 |
310 |
|
+Info |
2016-05-05 |
2022-12-13 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. |
24 |
CVE-2016-2023 |
200 |
|
+Info |
2016-05-30 |
2016-12-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors. |
25 |
CVE-2016-1987 |
20 |
|
DoS |
2016-02-18 |
2016-12-06 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. |
26 |
CVE-2015-2115 |
|
|
+Info |
2015-04-27 |
2016-12-03 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information via unknown vectors. |
27 |
CVE-2013-6402 |
59 |
|
|
2014-01-05 |
2014-03-06 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. |
28 |
CVE-2013-6216 |
|
|
+Priv |
2014-04-12 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors. |
29 |
CVE-2013-4820 |
|
|
+Info |
2013-09-23 |
2018-05-10 |
2.1 |
None |
Remote |
High |
??? |
Partial |
None |
None |
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors. |
30 |
CVE-2013-2362 |
|
|
DoS |
2013-07-22 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676. |
31 |
CVE-2012-6108 |
264 |
|
|
2014-02-15 |
2014-02-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations. |
32 |
CVE-2012-3276 |
16 |
|
DoS |
2012-12-13 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors. |
33 |
CVE-2012-1994 |
200 |
|
+Info |
2020-02-10 |
2020-02-11 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information |
34 |
CVE-2011-0279 |
287 |
|
|
2011-03-07 |
2017-08-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication. |
35 |
CVE-2010-2612 |
200 |
|
+Info |
2010-07-02 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors. |
36 |
CVE-2008-3902 |
200 |
|
+Info |
2008-09-03 |
2018-10-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104. |
37 |
CVE-2007-4931 |
|
|
|
2007-09-18 |
2011-03-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL. |
38 |
CVE-2007-0805 |
|
|
+Info |
2007-02-07 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. |
39 |
CVE-2006-4820 |
|
|
DoS |
2006-09-15 |
2018-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. |
40 |
CVE-2006-4187 |
|
|
DoS |
2006-08-17 |
2018-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors. |
41 |
CVE-2006-2551 |
|
|
DoS |
2006-05-23 |
2018-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors. |
42 |
CVE-2005-3476 |
|
|
DoS |
2005-11-03 |
2018-10-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service. |
43 |
CVE-2005-3295 |
|
|
DoS |
2005-10-23 |
2018-05-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size." |
44 |
CVE-2005-2076 |
|
|
|
2005-06-29 |
2011-03-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen. |
45 |
CVE-2005-0719 |
|
|
DoS |
2005-03-09 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. |
46 |
CVE-2005-0652 |
|
|
|
2005-05-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. |
47 |
CVE-2004-1857 |
|
|
Dir. Trav. |
2004-03-24 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. |
48 |
CVE-2004-1713 |
|
|
|
2004-08-10 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files. |
49 |
CVE-2003-1099 |
|
|
DoS Exec Code |
2003-12-31 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. |
50 |
CVE-2002-1668 |
|
|
DoS |
2002-12-31 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file. |