This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Hp
First view : 1994-05-04
Product : Hp-Ux
Last view : 2016-07-19
Version : b.11.31
Type : Os
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:hp:hp-ux

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5.9 2016-07-19 CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

8.5 2014-12-10 CVE-2014-7879

HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.

4.9 2014-10-30 CVE-2014-7877

Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

6.8 2014-10-18 CVE-2014-7874

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

9.3 2014-07-17 CVE-2014-2490

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

7.6 2014-04-15 CVE-2014-2428

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

7.5 2014-04-15 CVE-2014-2423

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.

6.8 2014-04-15 CVE-2014-2422

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

2.6 2014-04-15 CVE-2014-2420

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.

4.3 2014-04-15 CVE-2014-2413

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.

6.2 2014-03-11 CVE-2013-6200

Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.

7.8 2013-07-29 CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

6.8 2011-07-11 CVE-2011-2398

Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.

6.8 2011-04-14 CVE-2011-0896

Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors.

4.4 2011-04-04 CVE-2011-0891

Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.

6.8 2010-12-08 CVE-2010-4108

HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.

6.8 2010-08-30 CVE-2010-2712

Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

4.4 2010-03-31 CVE-2010-1030

Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.

4 2010-03-29 CVE-2010-0451

The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.

7.8 2009-10-05 CVE-2009-2679

Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.

7.2 2009-09-24 CVE-2009-2682

Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.

6 2009-04-29 CVE-2009-0719

Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.

6.8 2009-03-24 CVE-2009-0207

Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.

9.3 2009-02-04 CVE-2009-0418

The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.

7.8 2008-12-11 CVE-2008-4418

Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

CWE : Common Weakness Enumeration

% id Name
28% (2) CWE-264 Permissions, Privileges, and Access Controls
28% (2) CWE-20 Improper Input Validation
14% (1) CWE-352 Cross-Site Request Forgery (CSRF)
14% (1) CWE-287 Improper Authentication
14% (1) CWE-200 Information Exposure

SAINT Exploits

Description
HP OpenView OmniBack directory traversal

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
74349 HP-UX NFS/ONCplus Unspecified Remote DoS
73616 HP-UX Dynamic Loader Unspecified Local Privilege Escalation
71466 HP-UX OS-Core.CORE2-KRN Fileset Unspecified Local DoS
69683 HP-UX Threaded Processes Unspecified Remote DoS
67537 HP-UX Software Distributor Unspecified Local Privilege Escalation
63364 HP-UX AudFilter Rules Unspecified Local DoS
63243 HP-UX ONCplus Package NFS_SERVER Configuration Option NFS Enabling Weakness
58351 HP-UX Role-Based Access Control (RBAC) Unspecified Local Access Restriction B...
58132 HP-UX bootpd Unspecified Remote DoS
54161 HP-UX useradd Unspecified Arbitrary Local File Access
53517 HP-UX VERITAS Multiple Products Unspecified Local Privilege Escalation
51771 HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing
50679 HP-UX DCE Unspecified Remote DoS
50409 HP-UX Kernel Unspecified Local DoS
10384 HP-UX CDE Multiple Module Unspecified Overflows
9658 HP-UX ppl Forced Core Dump Privilege Escalation
9655 HP-UX GlancePlus gpm Arbitrary File Access Privilege Escalation
9654 HP-UX GlancePlus glance Arbitrary File Access Privilege Escalation
9653 HP-UX CUE IOERROR.mytty Symlink Arbitrary File Overwrite
9652 HP-UX Predictive Data Transfer Information Disclosure
9604 HP-UX Support Watch Local Privilege Escalation
9600 HP-UX Message Catalog CORE-DIAG Fileset Local Privilege Escalation
9598 HP-UX chfn Command Line Argument Local Overflow
9597 HP-UX chsh Local Privilege Escalation
8025 HP-UX GlancePlus Local Privilege Escalation

OpenVAS Exploits

Date Description
2011-06-06 Name : HP-UX Update for HP-UX Pkg HPSBUX02646
File : nvt/gb_hp_ux_HPSBUX02646.nasl
2011-05-05 Name : HP-UX Update for NFS/ONCplus HPSBUX02653
File : nvt/gb_hp_ux_HPSBUX02653.nasl
2011-01-04 Name : HP-UX Update for Threaded Processes HPSBUX02611
File : nvt/gb_hp_ux_HPSBUX02611.nasl
2010-10-01 Name : HP-UX Update for Software Distributor (sd) HPSBUX02552
File : nvt/gb_hp_ux_HPSBUX02552.nasl
2010-04-07 Name : HP-UX Update for AudFilter rules enabled HPSBUX02514
File : nvt/gb_hp_ux_HPSBUX02514.nasl
2010-03-31 Name : HP-UX Update for NFS/ONCplus HPSBUX02509
File : nvt/gb_hp_ux_HPSBUX02509.nasl
2009-10-14 Name : HP-UX Update for Role-Based Access Control (RBAC) HPSBUX02457
File : nvt/gb_hp_ux_HPSBUX02457.nasl
2009-09-21 Name : HP-UX Update for bootpd HPSBUX02458
File : nvt/gb_hp_ux_HPSBUX02458.nasl
2009-06-05 Name : Ubuntu USN-773-1 (pango1.0)
File : nvt/ubuntu_773_1.nasl
2009-06-05 Name : Ubuntu USN-772-1 (mpfr)
File : nvt/ubuntu_772_1.nasl
2009-06-05 Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-01 Name : HP-UX Update for useradd(1M) HPSBUX02366
File : nvt/gb_hp_ux_HPSBUX02366.nasl
2009-05-05 Name : HP-UX Update for VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manag...
File : nvt/gb_hp_ux_HPSBUX02409.nasl
2009-05-05 Name : HP-UX Update for DCE HPSBUX02393
File : nvt/gb_hp_ux_HPSBUX02393.nasl
2009-05-05 Name : HP-UX Update for HP-UX Pkg HPSBUX02389
File : nvt/gb_hp_ux_HPSBUX02389.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0105 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0053191
2014-A-0056 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0049583
2013-A-0151 ISC BIND 9 Remote Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0039823
2011-B-0079 HP-UX Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0029389
2011-B-0054 HP-UX Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0026670
2010-B-0104 HP-UX Remote Denial Of Service Vulnerability
Severity: Category I - VMSKEY: V0025837
2010-B-0026 HP-UX Configuration Security Bypass Vulnerability
Severity: Category I - VMSKEY: V0023855
2009-T-0002 HP-UX DCE Remote Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0017980
2008-B-0070 Multiple Vendors IPv6 Neighbor Discovery Protocol Spoofing Vulnerability
Severity: Category II - VMSKEY: V0017557

Snort® IPS/IDS

Date Description
2017-12-19 ISC BIND 9 DNS rdata length handling remote denial of service attempt
RuleID : 44879 - Type : SERVER-OTHER - Revision : 1
2014-01-10 ISC BIND 9 DNS rdata length handling remote denial of service attempt
RuleID : 27666 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Openview Omni II command bypass attempt
RuleID : 11681 - Type : SERVER-OTHER - Revision : 6

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-08-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2533.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote AIX host has a version of bind installed that is affected by multi...
File: aix_bind_advisory13.nasl - Type: ACT_GATHER_INFO
2017-04-21 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO
2017-04-20 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-491.nasl - Type: ACT_GATHER_INFO
2017-04-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0998-1.nasl - Type: ACT_GATHER_INFO
2017-04-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0999-1.nasl - Type: ACT_GATHER_INFO
2017-04-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1000-1.nasl - Type: ACT_GATHER_INFO
2017-02-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1052.nasl - Type: ACT_GATHER_INFO
2016-11-18 Name: The remote AIX host is missing a security patch.
File: aix_IV89828.nasl - Type: ACT_GATHER_INFO
2016-11-18 Name: The remote AIX host is missing a security patch.
File: aix_IV89829.nasl - Type: ACT_GATHER_INFO
2016-11-18 Name: The remote AIX host is missing a security patch.
File: aix_IV89830.nasl - Type: ACT_GATHER_INFO
2016-11-18 Name: The remote AIX host is missing a security patch.
File: aix_IV89831.nasl - Type: ACT_GATHER_INFO
2016-11-18 Name: The remote AIX host is missing a security patch.
File: aix_IV90056.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201610-07.nasl - Type: ACT_GATHER_INFO
2016-10-06 Name: The remote Debian host is missing a security update.
File: debian_DLA-645.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3680.nasl - Type: ACT_GATHER_INFO
2016-09-16 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-745.nasl - Type: ACT_GATHER_INFO
2016-08-18 Name: The remote Fedora host is missing a security update.
File: fedora_2016-3fba74e7f5.nasl - Type: ACT_GATHER_INFO
2016-08-09 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2016-2941b3264e.nasl - Type: ACT_GATHER_INFO
2016-08-08 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_7a31e0de5b6d11e6b334002590263bf5.nasl - Type: ACT_GATHER_INFO
2016-08-01 Name: The remote Fedora host is missing a security update.
File: fedora_2016-007efacd1c.nasl - Type: ACT_GATHER_INFO
2016-08-01 Name: The remote Fedora host is missing a security update.
File: fedora_2016-53f0c65f40.nasl - Type: ACT_GATHER_INFO
2016-07-25 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2016-204-01.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote name server is affected by a denial of service vulnerability.
File: bind9_9104_p2.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-96.nasl - Type: ACT_GATHER_INFO