Page 13 of 222 results (0.007 seconds)

CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0

Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable. • http://securityreason.com/securityalert/3236 http://www.securityfocus.com/advisories/4957 http://www.securityfocus.com/archive/1/324381 http://www.securityfocus.com/bid/6834 https://exchange.xforce.ibmcloud.com/vulnerabilities/11314 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. • http://archives.neohapsis.com/archives/hp/2003-q1/0009.html http://www.securityfocus.com/bid/6640 https://exchange.xforce.ibmcloud.com/vulnerabilities/11107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 4

Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473). • https://www.exploit-db.com/exploits/22561 http://securityreason.com/securityalert/3283 http://www.securityfocus.com/archive/1/320323 http://www.securityfocus.com/archive/1/320371 http://www.securityfocus.com/bid/7489 https://exchange.xforce.ibmcloud.com/vulnerabilities/11919 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4897 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 2%CPEs: 58EXPL: 0

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. ISC BIND 8.3.x antes de 8.3.7, y 8.4.x antes de 8.4.3 permite a atacantes remotos envenenar la cache mediante un servidor de nombres malicioso que devuelve respuestas negativas con un valor TTL (time to live) largo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt http://secunia.com/advisories/10542 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434 http://www.debian.org/security/2004/dsa-409 http://www.kb.cert.org/vuls/id/734644 http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt https://oval.cisecurity.org/repository& •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify. Desbordamiento de búfer en los útiles Software Distributor de HP-UX B.11.00 y B.11.11 permite a usuarios locales ejecutar código arbitrario mediante una variable de entorno LANG larga en programas setuid como swinstall y swmodify. • https://www.exploit-db.com/exploits/23343 http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0038.html http://marc.info/?l=bugtraq&m=106873965001431&w=2 http://www.securityfocus.com/advisories/6030 http://www.securityfocus.com/bid/8986 https://exchange.xforce.ibmcloud.com/vulnerabilities/13623 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5466 •