Hp: Security Vulnerabilities
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
CVSS Score
7.5
EPSS Score
0.19
Published
2002-07-23
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
CVSS Score
7.2
EPSS Score
0.004
Published
2002-07-23
HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
CVSS Score
7.8
EPSS Score
0.007
Published
2002-06-25
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
CVSS Score
2.1
EPSS Score
0.001
Published
2002-06-18
Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.
CVSS Score
5.0
EPSS Score
0.007
Published
2002-06-18
Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets.
CVSS Score
5.0
EPSS Score
0.015
Published
2002-06-18
Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.
CVSS Score
7.5
EPSS Score
0.027
Published
2002-06-18
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-05-31
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
CVSS Score
7.5
EPSS Score
0.088
Published
2002-05-29
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
CVSS Score
7.5
EPSS Score
0.011
Published
2002-03-19