Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Filtered by product Hp-ux
Total 471 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3317 5 Ca, Hp, Ibm and 2 more 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more 2025-04-12 4.6 MEDIUM N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.
CVE-2016-5995 3 Hp, Ibm, Linux 5 Hp-ux, Aix, Db2 and 2 more 2025-04-12 6.9 MEDIUM 7.3 HIGH
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
CVE-2014-7879 1 Hp 1 Hp-ux 2025-04-12 8.5 HIGH N/A
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
CVE-2013-6219 1 Hp 2 Hp-ux, Hp-ux Whitelisting 2025-04-12 3.8 LOW N/A
Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
CVE-2014-7874 1 Hp 2 Hp-ux, System Management Homepage 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-6209 1 Hp 1 Hp-ux 2025-04-12 4.3 MEDIUM N/A
Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.
CVE-2013-6200 1 Hp 1 Hp-ux 2025-04-12 6.2 MEDIUM N/A
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.
CVE-2015-3318 5 Ca, Hp, Ibm and 2 more 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more 2025-04-12 4.6 MEDIUM N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.
CVE-2013-6335 4 Hp, Ibm, Linux and 1 more 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more 2025-04-12 3.3 LOW N/A
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVE-2014-2490 3 Debian, Hp, Oracle 4 Debian Linux, Hp-ux, Jdk and 1 more 2025-04-12 9.3 HIGH N/A
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2015-2126 1 Hp 1 Hp-ux 2025-04-12 7.2 HIGH N/A
Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions.
CVE-2016-2776 3 Hp, Isc, Oracle 5 Hp-ux, Bind, Linux and 2 more 2025-04-12 7.8 HIGH 7.5 HIGH
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2025-04-12 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2014-7810 3 Apache, Debian, Hp 3 Tomcat, Debian Linux, Hp-ux 2025-04-12 5.0 MEDIUM N/A
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
CVE-2016-2775 4 Fedoraproject, Hp, Isc and 1 more 9 Fedora, Hp-ux, Bind and 6 more 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2013-5870 3 Hp, Oracle, Redhat 11 Hp-ux, Jdk, Jre and 8 more 2025-04-11 6.8 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
CVE-2013-0543 4 Hp, Ibm, Linux and 1 more 4 Hp-ux, Websphere Application Server, Linux Kernel and 1 more 2025-04-11 6.8 MEDIUM N/A
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2010-0452 1 Hp 2 Hp-ux, Project And Portfolio Management Center 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5895 3 Hp, Oracle, Redhat 11 Hp-ux, Jdk, Jre and 8 more 2025-04-11 5.0 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.
CVE-2013-5904 3 Hp, Oracle, Redhat 10 Hp-ux, Jdk, Jre and 7 more 2025-04-11 6.8 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.