This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Hp
Product: Hp-Ux
Version: b.11.23
Type: Os
First view: 1994-05-04
Last view: 2014-12-10
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:o:hp:hp-ux

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
8.5 2014-12-10 CVE-2014-7879

HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.

6.8 2014-10-18 CVE-2014-7874

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

9.3 2014-07-17 CVE-2014-2490

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

7.6 2014-04-15 CVE-2014-2428

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

7.5 2014-04-15 CVE-2014-2423

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.

6.8 2014-04-15 CVE-2014-2422

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

2.6 2014-04-15 CVE-2014-2420

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.

4.3 2014-04-15 CVE-2014-2413

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.

4.3 2014-03-14 CVE-2013-6209

Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.

6.2 2014-03-11 CVE-2013-6200

Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.

10 2012-04-05 CVE-2012-0131

Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8 2011-07-11 CVE-2011-2398

Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.

4.4 2011-04-04 CVE-2011-0891

Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.

6.8 2010-12-08 CVE-2010-4108

HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.

6.8 2010-08-30 CVE-2010-2712

Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

7.8 2009-10-05 CVE-2009-2679

Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.

7.2 2009-09-24 CVE-2009-2682

Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.

6 2009-04-29 CVE-2009-0719

Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.

6.8 2009-03-24 CVE-2009-0207

Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.

9.3 2009-02-04 CVE-2009-0418

The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.

7.8 2008-12-11 CVE-2008-4418

Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

10 2008-08-01 CVE-2008-1662

Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."

9.3 2007-04-12 CVE-2007-1993

Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."

4.6 2001-10-18 CVE-2001-0772

Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.

4.6 2001-08-22 CVE-2001-0607

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.

CWE : Common Weakness Enumeration

% id Name
14% (1) CWE-352 Cross-Site Request Forgery (CSRF)
14% (1) CWE-287 Improper Authentication
14% (1) CWE-264 Permissions, Privileges, and Access Controls
14% (1) CWE-200 Information Exposure
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-20 Improper Input Validation
14% (1) CWE-16 Configuration

SAINT Exploits

Description
HP OpenView OmniBack directory traversal

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
73616 HP-UX Dynamic Loader Unspecified Local Privilege Escalation
71466 HP-UX OS-Core.CORE2-KRN Fileset Unspecified Local DoS
69683 HP-UX Threaded Processes Unspecified Remote DoS
67537 HP-UX Software Distributor Unspecified Local Privilege Escalation
58351 HP-UX Role-Based Access Control (RBAC) Unspecified Local Access Restriction B...
58132 HP-UX bootpd Unspecified Remote DoS
54161 HP-UX useradd Unspecified Arbitrary Local File Access
53517 HP-UX VERITAS Multiple Products Unspecified Local Privilege Escalation
51771 HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing
50679 HP-UX DCE Unspecified Remote DoS
47273 HP-UX System Administration Manager Unspecified Remote Security Bypass
34897 HP-UX Portable File System (PFS) pfs_mountd.rpc Remote Code Execution
10384 HP-UX CDE Multiple Module Unspecified Overflows
9658 HP-UX ppl Forced Core Dump Privilege Escalation
9655 HP-UX GlancePlus gpm Arbitrary File Access Privilege Escalation
9654 HP-UX GlancePlus glance Arbitrary File Access Privilege Escalation
9653 HP-UX CUE IOERROR.mytty Symlink Arbitrary File Overwrite
9652 HP-UX Predictive Data Transfer Information Disclosure
9604 HP-UX Support Watch Local Privilege Escalation
9600 HP-UX Message Catalog CORE-DIAG Fileset Local Privilege Escalation
9598 HP-UX chfn Command Line Argument Local Overflow
9597 HP-UX chsh Local Privilege Escalation
8025 HP-UX GlancePlus Local Privilege Escalation
7674 HP-UX asecure Unsafe Permission DoS
7180 HP-UX inetd swait State DoS

OpenVAS Exploits

Date Description
2011-06-06 Name : HP-UX Update for HP-UX Pkg HPSBUX02646
File : nvt/gb_hp_ux_HPSBUX02646.nasl
2011-01-04 Name : HP-UX Update for Threaded Processes HPSBUX02611
File : nvt/gb_hp_ux_HPSBUX02611.nasl
2010-10-01 Name : HP-UX Update for Software Distributor (sd) HPSBUX02552
File : nvt/gb_hp_ux_HPSBUX02552.nasl
2009-10-14 Name : HP-UX Update for Role-Based Access Control (RBAC) HPSBUX02457
File : nvt/gb_hp_ux_HPSBUX02457.nasl
2009-09-21 Name : HP-UX Update for bootpd HPSBUX02458
File : nvt/gb_hp_ux_HPSBUX02458.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-05 Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-06-05 Name : Ubuntu USN-772-1 (mpfr)
File : nvt/ubuntu_772_1.nasl
2009-06-05 Name : Ubuntu USN-773-1 (pango1.0)
File : nvt/ubuntu_773_1.nasl
2009-06-01 Name : HP-UX Update for useradd(1M) HPSBUX02366
File : nvt/gb_hp_ux_HPSBUX02366.nasl
2009-05-05 Name : HP-UX Update for Portable File System (PFS) HPSBUX02203
File : nvt/gb_hp_ux_HPSBUX02203.nasl
2009-05-05 Name : HP-UX Update for System Administration Manager (SAM) HPSBUX02286
File : nvt/gb_hp_ux_HPSBUX02286.nasl
2009-05-05 Name : HP-UX Update for DCE HPSBUX02393
File : nvt/gb_hp_ux_HPSBUX02393.nasl
2009-05-05 Name : HP-UX Update for VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manag...
File : nvt/gb_hp_ux_HPSBUX02409.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0105 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0053191
2014-A-0056 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0049583
2011-B-0079 HP-UX Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0029389
2010-B-0104 HP-UX Remote Denial Of Service Vulnerability
Severity: Category I - VMSKEY: V0025837
2009-T-0002 HP-UX DCE Remote Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0017980
2008-B-0070 Multiple Vendors IPv6 Neighbor Discovery Protocol Spoofing Vulnerability
Severity: Category II - VMSKEY: V0017557
2008-T-0042 HP-UX System Administration Manager (SAM) Security Vulnerability
Severity: Category I - VMSKEY: V0016748

Snort® IPS/IDS

Date Description
2014-01-10 Openview Omni II command bypass attempt
RuleID : 11681 - Type : SERVER-OTHER - Revision : 6

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-96.nasl - Type: ACT_GATHER_INFO
2015-02-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201502-12.nasl - Type: ACT_GATHER_INFO
2014-12-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-772.nasl - Type: ACT_GATHER_INFO
2014-12-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-773.nasl - Type: ACT_GATHER_INFO
2014-12-12 Name: The remote host has an update manager installed that is affected by multiple ...
File: vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type: ACT_GATHER_INFO
2014-12-12 Name: The remote host has a virtualization management application installed that is...
File: vmware_vcenter_vmsa-2014-0012.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHCO_43873.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHCO_43874.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHCO_43875.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0413.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0414.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0902.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0982.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-383.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-387.nasl - Type: ACT_GATHER_INFO
2014-09-23 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: domino_9_0_1_fp2.nasl - Type: ACT_GATHER_INFO
2014-09-23 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: ibm_domino_9_0_1_fp2.nasl - Type: ACT_GATHER_INFO
2014-09-23 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: ibm_notes_9_0_1_fp2.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2319-3.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote host has an update manager installed that is affected by multiple ...
File: vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote host has a virtualization management application installed that is...
File: vmware_vcenter_vmsa-2014-0008.nasl - Type: ACT_GATHER_INFO
2014-08-26 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2319-2.nasl - Type: ACT_GATHER_INFO
2014-08-20 Name: A web application on the remote host is affected by multiple vulnerabilities.
File: puppet_enterprise_331.nasl - Type: ACT_GATHER_INFO
2014-08-20 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2319-1.nasl - Type: ACT_GATHER_INFO
2014-08-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2312-1.nasl - Type: ACT_GATHER_INFO