
CVE-2016-2016 – HPE Security Bulletin HPSBUX03577 SSRT102172 1
https://notcve.org/view.php?id=CVE-2016-2016
10 May 2016 — Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory. • http://www.securitytracker.com/id/1035816 • CWE-284: Improper Access Control

CVE-2016-1987 – HPE Security Bulletin HPSBUX03437 SSRT110025 1
https://notcve.org/view.php?id=CVE-2016-1987
18 Feb 2016 — HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. A potential security vulnerability has been identified with HP-UX running HP-UX IPFilter. The vulnerability could be remotely e... • http://www.securitytracker.com/id/1035026 • CWE-20: Improper Input Validation

CVE-2015-2126 – HP Security Bulletin HPSBUX03359 1
https://notcve.org/view.php?id=CVE-2015-2126
29 Jun 2015 — Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory. • http://www.securityfocus.com/bid/75462 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-3316 – CA Common Services Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3316
05 Jun 2015 — CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx

CVE-2015-3317 – CA Common Services Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3317
05 Jun 2015 — CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-3318 – CA Common Services Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3318
05 Jun 2015 — CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.... • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx • CWE-20: Improper Input Validation •

CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2014-7810 – Tomcat/JbossWeb: security manager bypass via EL expressions
https://notcve.org/view.php?id=CVE-2014-7810
14 May 2015 — The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. • http://marc.info/?l=bugtraq&m=145974991225029&w=2 • CWE-284: Improper Access Control

CVE-2014-7879 – HP Security Bulletin HPSBUX03166 SSRT101489 1
https://notcve.org/view.php?id=CVE-2014-7879
26 Nov 2014 — HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. A potential security vulnerability has been identified i... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04511778 • CWE-287: Improper Authentication

CVE-2014-7877 – HP Security Bulletin HPSBUX03159 SSRT101785 2
https://notcve.org/view.php?id=CVE-2014-7877
29 Oct 2014 — Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 2 of this advisory. • http://secunia.com/advisories/61196