CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 1CVE-2016-9795 – CA Common Services casrvc Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9795
27 Jan 2017 — The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validatio... • https://github.com/blogresponder/CA-Common-Services-privilege-escalation-cve-2016-9795-revisited • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 246EXPL: 0CVE-2016-5995
https://notcve.org/view.php?id=CVE-2016-5995
01 Oct 2016 — Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. Vulnerabilidad de ruta de búsqueda no confiable en IBM DB2 9.7 hasta la versión FP11, 10.1 hasta la versión FP5, 10.5 en versiones anteriores a FP8 y 11.1 GA en Linux, AIX y HP-UX permite a usuarios locales obtener privilegios a través de una librería troyanizad... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 88%CPEs: 49EXPL: 4CVE-2016-2776 – ISC BIND 9 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-2776
28 Sep 2016 — buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. buffer.c en named en ISC BIND 9 en versiones anteriores a 9.9.9-P3, 9.10.x en versiones anteriores a 9.10.4-P3 y 9.11.x en versiones anteriores a 9.11.0rc3 no construye respuestas adecuadamente, lo que permite a atacantes remotos provocar una denegación d... • https://packetstorm.news/files/id/180551 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.9EPSS: 38%CPEs: 42EXPL: 0CVE-2016-2775 – bind: Too long query name causes segmentation fault in lwresd
https://notcve.org/view.php?id=CVE-2016-2775
19 Jul 2016 — ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. ISC BIND 9.x en versiones anteriores a 9.9.9-P2, 9.10.x en versiones anteriores a 9.10.4-P2 y 9.11.x en versiones anteriores a 9.11.0b2, cuando lwresd o la opción nombrada lwres está habilitada, permite a atacantes remotos provocar una denegación ... • http://www.securityfocus.com/bid/92037 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2016 – HPE Security Bulletin HPSBUX03577 SSRT102172 1
https://notcve.org/view.php?id=CVE-2016-2016
10 May 2016 — Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory. Base-VxFS-50 B.05.00.01 hasta la versión B.05.00.02, Base-VxFS-501 B.05.01.0 hasta la vers... • http://www.securitytracker.com/id/1035816 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1987 – HPE Security Bulletin HPSBUX03437 SSRT110025 1
https://notcve.org/view.php?id=CVE-2016-1987
18 Feb 2016 — HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. HPE IPFilter A.11.31.18.21 en HP-UX, cuando cierta configuración de estado guardado se encuentra habilitada, permite a atacantes remotos causar una denegación de servicio a través de paquetes UDP no especificados. A potential security vulnerability has been identified with HP-UX running HP-UX IPFilter. The vulnerability could be remotely e... • http://www.securitytracker.com/id/1035026 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 87EXPL: 0CVE-2015-5434 – HP Security Bulletin HPSBHF03419 3
https://notcve.org/view.php?id=CVE-2015-5434
22 Dec 2015 — HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." HPE Networking Products, marcados originalmente como Comware 5, Comware 7, H3C o HP, permiten a atacantes remotos eludir las restricciones destinadas al acceso o provocar una denegación de servicio a través de "Virtual routing and forwarding (VRF) hopping." A potential security vulnerabi... • http://www.securityfocus.com/bid/79869 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2126 – HP Security Bulletin HPSBUX03359 1
https://notcve.org/view.php?id=CVE-2015-2126
29 Jun 2015 — Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. Vulnerabilidad no especificada en pppoec en HP HP-UX 11iv2 y 11iv3 permite a usuarios locales ganar privilegios mediante el aprovechamiento de permisos setuid. A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory. • http://www.securityfocus.com/bid/75462 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2015-3317 – CA Common Services Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3317
05 Jun 2015 — CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. CA C... • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3316 – CA Common Services Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3316
05 Jun 2015 — CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. CA Common Services, utilizado en CA C... • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx •