Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2001-1123

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Mar, 2002 | 05:00
Updated At-08 Aug, 2024 | 04:44
Rejected At-
Credits

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Mar, 2002 | 05:00
Updated At:08 Aug, 2024 | 04:44
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/782155
third-party-advisory
x_refsource_CERT-VN
https://exchange.xforce.ibmcloud.com/vulnerabilities/7222
vdb-entry
x_refsource_XF
http://www.securityfocus.com/advisories/3723
vendor-advisory
x_refsource_HP
http://www.securityfocus.com/advisories/3585
vendor-advisory
x_refsource_HP
http://www.securityfocus.com/bid/3399
vdb-entry
x_refsource_BID
Hyperlink: http://www.kb.cert.org/vuls/id/782155
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/7222
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/advisories/3723
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securityfocus.com/advisories/3585
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securityfocus.com/bid/3399
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/782155
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/7222
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/advisories/3723
vendor-advisory
x_refsource_HP
x_transferred
http://www.securityfocus.com/advisories/3585
vendor-advisory
x_refsource_HP
x_transferred
http://www.securityfocus.com/bid/3399
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/782155
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/7222
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/advisories/3723
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securityfocus.com/advisories/3585
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securityfocus.com/bid/3399
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Oct, 2001 | 04:00
Updated At:03 Apr, 2025 | 01:03

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
HP Inc.
hp
>>openview_network_node_manager>>5.01
cpe:2.3:a:hp:openview_network_node_manager:5.01:*:*:*:*:*:*:*
HP Inc.
hp
>>openview_network_node_manager>>6.1
cpe:2.3:a:hp:openview_network_node_manager:6.1:*:*:*:*:*:*:*
HP Inc.
hp
>>openview_network_node_manager>>6.2
cpe:2.3:a:hp:openview_network_node_manager:6.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.kb.cert.org/vuls/id/782155cve@mitre.org
US Government Resource
http://www.securityfocus.com/advisories/3585cve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/advisories/3723cve@mitre.org
N/A
http://www.securityfocus.com/bid/3399cve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7222cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/782155af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.securityfocus.com/advisories/3585af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/advisories/3723af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/3399af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7222af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.kb.cert.org/vuls/id/782155
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/advisories/3585
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/advisories/3723
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/3399
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/7222
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/782155
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/advisories/3585
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/advisories/3723
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/3399
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/7222
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

156Records found
CVE-2001-1181
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.28%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2016-3710
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Debian GNU/LinuxOracle CorporationHP Inc.
Product-enterprise_linux_serverenterprise_linux_server_aushelion_openstackxenserverqemuvirtualizationubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusvm_serverenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxlinuxopenstackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2001-0976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.50%
||
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables.

Action-Not Available
Vendor-n/aHP Inc.
Product-process_resource_managern/a
CVE-2001-1198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.75%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-1182
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-0979
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.17% / 38.62%
||
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-0085
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.40%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-0551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.50%
||
7 Day CHG~0.00%
Published-18 Feb, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2016-0728
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-56.01% / 98.01%
||
7 Day CHG+0.62%
Published-08 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLCDebian GNU/LinuxHP Inc.Canonical Ltd.
Product-linux_kernelubuntu_linuxserver_migration_packdebian_linuxandroidn/a
CVE-2000-0078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1134
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 8.60%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1146
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 7.70%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.50%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP CDE program includes the current directory in root's PATH variable.

Action-Not Available
Vendor-cden/aHP Inc.
Product-hp-uxcden/a
CVE-1999-1145
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.93%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1135
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 23.99%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2012-2291
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-21 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

Action-Not Available
Vendor-n/aELAN Microelectronics CorporationHP Inc.Apple Inc.
Product-mac_os_xavamar_pluginavamarhp-uxn/a
CVE-1999-1433
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.15% / 35.82%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetadminn/a
CVE-1999-0336
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.80%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mstm in HP-UX allows local users to gain root access.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ppl program in HP-UX allows local users to create root files through symlinks.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fpkg2swpk in HP-UX allows local users to gain root access.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0307
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.80%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in HP-UX cstm program allows local users to gain root privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0306
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.02% / 76.33%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

buffer overflow in HP xlock program.

Action-Not Available
Vendor-n/aHP Inc.
Product-vvosn/a
CVE-1999-0138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Action-Not Available
Vendor-digitaln/aFreeBSD FoundationHP Inc.Apple Inc.NEC CorporationLinux Kernel Organization, IncIBM Corporation
Product-linux_kernelhp-uxews-ux_vaixa_uxup-ux_vasl_ux_4800freebsdosf_1n/a
CVE-1999-0014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.86% / 74.12%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized privileged access or denial of service via dtappgather program in CDE.

Action-Not Available
Vendor-cden/aIBM CorporationHP Inc.
Product-hp-uxvvoscdeaixn/a
CVE-1999-0022
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.51%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Action-Not Available
Vendor-bsdin/absdiSilicon Graphics, Inc.IBM CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)HP Inc.
Product-bsd_oshp-uxaixsolarisirixsunosfreebsdn/afreebsdbsd_ossolarissunoshp-uxaixirix
CWE ID-CWE-125
Out-of-bounds Read
CVE-1999-0130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.89% / 74.51%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local users can start Sendmail in daemon mode and gain root privileges.

Action-Not Available
Vendor-eric_allmanbsdin/aThe MITRE Corporation (Caldera)HP Inc.IBM CorporationFreeBSD FoundationRed Hat, Inc.
Product-sendmailbsd_oshp-uxaixfreebsdlinuxnetwork_desktopn/a
CVE-1999-0127
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.64%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in xlock program allows local users to execute commands as root.

Action-Not Available
Vendor-data_generalbsdin/aSilicon Graphics, Inc.IBM CorporationDebian GNU/LinuxSun Microsystems (Oracle Corporation)HP Inc.
Product-bsd_oshp-uxdg_uxaixsolarisirixsunosdebian_linuxn/axlock
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-1999-0040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.30% / 52.81%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Action-Not Available
Vendor-bsdin/aFreeBSD FoundationHP Inc.Silicon Graphics, Inc.NEC CorporationSun Microsystems (Oracle Corporation)IBM Corporation
Product-bsd_oshp-uxews-ux_vaixsolarisup-ux_vasl_ux_4800irixsunosfreebsdn/a
CVE-2019-6328
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 16:23
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.

Action-Not Available
Vendor-HPHP Inc.
Product-support_assistantHP Support Assistant
CVE-2019-6329
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-2.56% / 84.95%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 16:24
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.

Action-Not Available
Vendor-HPHP Inc.
Product-support_assistantHP Support Assistant
CVE-2019-6333
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 16:06
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.

Action-Not Available
Vendor-HPHP Inc.
Product-touchpoint_analyticsTouchpoint Analytics
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-4322
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.93%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-4154
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.93%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.

Action-Not Available
Vendor-HP Inc.IBM CorporationOracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kerneldb2hp-uxaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-3484
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.8||HIGH
EPSS-0.45% / 62.65%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 16:06
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_loggerArcSight Logger
CVE-2012-1796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-20 Mar, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIBM CorporationSun Microsystems (Oracle Corporation)HP Inc.
Product-linux_kernelsunoshp-uxdb2aixn/a
CVE-2019-18915
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.57%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 23:04
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_event_utilityHP System Event Utility
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-18913
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.52%
||
7 Day CHG~0.00%
Published-31 Jan, 2020 | 03:04
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Action-Not Available
Vendor-HP Inc.
Product-proone_440_g5_aioprobook_640_g5proone_600_g5_aioprodesk_600_g5_pci_mtprodesk_400_g6_mtelitebook_830_g6elitedesk_800_g5_sffeliteone_800_g5_aio_firmwareprodesk_400_g6_sff_firmwareelite_dragonfly_firmwareelitebook_x360_830_g6_firmwarezbook_17u_g6_mobile_workstation_firmwareelitebook_830_g6_firmwareprodesk_600_g5_sffprobook_650_g5_firmwareelitedesk_800_g5_dmelitedesk_800_g5_dm_firmwareelite_x2_g4_firmwareprodesk_600_g5_sff_firmwareprodesk_600_g5_mt_firmwareelite_dragonflyelitebook_836_g6_firmwareproone_400_g5_aio_firmwarezbook_14u_g6_mobile_workstationelitebook_840_g6_healthcare_editionelitebook_850_g6zbook_15u_g6_mobile_workstationprodesk_400_g5_dm_firmwarezbook_14u_g6_mobile_workstation_firmwareelitebook_850_g6_firmwareprodesk_600_g5_pci_mt_firmwareprodesk_400_g6_sffproone_600_g5_aio_firmwareelitebook_846_g6probook_640_g5_firmwareproone_440_g5_aio_firmwareelitebook_x360_1030_g4elitebook_836_g6elitebook_846_g6_healthcare_editionzhan_x_13_g2probook_650_g5prodesk_600_g5_mtelitedesk_800_g5_twr_firmwareprodesk_600_g5_dmprodesk_480_g6_mtelitebook_840_g6_healthcare_edition_firmwarezbook_17u_g6_mobile_workstationelitedesk_800_g5_twrelitebook_840_g6elite_x2_g4eliteone_800_g5_aioelitebook_x360_1040_g6_firmwareproone_400_g5_aioelitebook_x360_1030_g4_firmwareelitebook_x360_830_g6elitedesk_800_g5_sff_firmwareprodesk_400_g5_dmelitebook_846_g6_firmwareelitebook_846_g6_healthcare_edition_firmwareprodesk_600_g5_dm_firmwareelitebook_x360_1040_g6elitebook_840_g6_firmwarezhan_x_13_g2_firmwarezbook_15u_g6_mobile_workstation_firmwareprodesk_480_g6_mt_firmwareprodesk_400_g6_mt_firmwareHP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection.
CVE-2019-16287
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 37.75%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 21:30
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.

Action-Not Available
Vendor-HPHP Inc.
Product-thinproThinPro Linux
CVE-2003-1360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.59%
||
7 Day CHG~0.00%
Published-17 Oct, 2007 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-1615
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.66%
||
7 Day CHG~0.00%
Published-25 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64hp-uxn/a
CVE-2008-1659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 20.05%
||
7 Day CHG~0.00%
Published-08 May, 2008 | 00:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-ldap-uxhp-uxn/a
CVE-2022-27239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.37%
||
7 Day CHG-0.02%
Published-27 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Action-Not Available
Vendor-n/aSUSEHP Inc.Debian GNU/LinuxSambaFedora Project
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_high_performance_computingmanager_serverlinux_enterprise_real_timehelion_openstackopenstack_cloudcifs-utilsmanager_proxymanager_retail_branch_serverlinux_enterprise_microdebian_linuxfedoralinux_enterprise_point_of_servicecaas_platformlinux_enterprise_desktoplinux_enterprise_storageenterprise_storageopenstack_cloud_crowbarn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7113
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.6||MEDIUM
EPSS-0.11% / 30.04%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-integrated_lights-out_5_firmwaregen_10_serversintegrated_lights-outHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CVE-2022-23933
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Action-Not Available
Vendor-n/aHP Inc.
Product-pc_biosHP PC BIOS
CVE-2017-8968
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.72% / 71.62%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-restful_interface_toolHPE RESTful Interface Tool
CVE-2021-39301
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.55%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-proone_600_g5_21.5-in_all-in-one_business_pcelitebook_840_g5zbook_studio_g5_firmwareprobook_440_g5elitebook_1050_g1_firmwareeliteone_800_g4_23.8-inch_non-touch_all-in-one_pcprobook_640_g7eliteone_800_g6_27_all-in-one_pcprobook_640_g4prodesk_680_g6_pci_microtower_pceliteone_800_g6_24_all-in-one_pc_firmwareelitedesk_805_g8_small_form_factor_pczhan_66_pro_14_g2probook_630_g8_firmwareelitebook_x360_830_g5_firmwareelitebook_x360_830_g5prodesk_600_g5_microtower_pc\(with_pci_slot\)elite_x2_1013_g3elitedesk_800_g5_small_form_factor_pcelitedesk_880_g6_tower_pcprodesk_600_g4_microtower_pc\(with_pci_slot\)_firmwareproone_440_g6_24_all-in-one_pc_firmwarezhan_66_pro_13_g2elite_dragonflyprobook_440_g5_firmwareelite_dragonfly_maxelitebook_840_g7_firmwareprodesk_405_g8_desktop_mini_pczbook_14u_g6_firmwareeliteone_800_g8_24_all-in-one_pc260_g3_desktop_mini_pcprobook_x360_11_g3_education_editionzbook_17_g6zbook_15_g6probook_650_g8_firmwareproone_400_g6_24_all-in-one_pcelitebook_850_g6_firmwareeliteone_800_g6_24_all-in-one_pcprodesk_480_g5_microtower_pcprobook_430_g8_firmwareelitedesk_800_95w_g4_desktop_mini_pczbook_fury_17_g7_firmwarezhan_66_pro_14_g3elitedesk_800_g4_workstation_editionzbook_studio_15_g8_firmwareelitedesk_880_g8_tower_pc_firmwareelitebook_836_g6prodesk_405_g8_small_form_factor_pczbook_17_g6_firmwareprobook_470_g5elitedesk_800_65w_g4_desktop_mini_pcelitebook_850_g5_firmwareprodesk_480_g7_pci_microtower_pc_firmwareelitebook_840_g8elitebook_x360_1030_g7_firmwareprobook_640_g4_firmwareelitebook_846_g5probook_x360_11_g7_education_editionelitedesk_800_g4_small_form_factor_pc_firmwarezbook_fury_15_g7z4_g4_workstation_\(xeon_w\)zhan_66_pro_15_g3eliteone_800_g5_23.8-in_healthcare_edition_all-in-oneproone_440_g4_23.8-inch_non-touch_all-in-one_business_pcelitedesk_800_g8_tower_pczbook_17_g5_firmwareelitebook_x360_1040_g8_firmwarez8_g4_workstation_firmwareelitebook_830_g5zhan_66_pro_g3_24_all-in-one_pcelitedesk_800_g6_tower_pcproone_600_g6_22_all-in-one_pc_firmwareelitebook_x360_1040_g6elitebook_840_g6_firmwareprodesk_405_g8_desktop_mini_pc_firmwarezhan_66_pro_15_g2elitedesk_800_g5_tower_pcelitebook_840_g5_firmwareeliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmwareelitebook_x360_1030_g8probook_640_g5zbook_firefly_14_g7_firmwareproone_400_g6_20_all-in-one_pc_firmwarez1_entry_tower_g6_workstationprobook_x360_11_g6_education_editionz4_g4_workstation_\(xeon_w\)_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwareelite_dragonfly_g2elitebook_830_g6prodesk_400_g7_microtower_pcprodesk_600_g5_small_form_factor_pcproone_440_g5_23.8-in_all-in-one_business_pc_firmwareprobook_x360_11_g7_education_edition_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pcprobook_430_g6_firmwareprodesk_400_g6_small_form_factor_pc_firmwareeliteone_800_g5_23.8-inch_all-in-oneprodesk_600_g4_desktop_mini_pc_firmwareprobook_650_g5_firmwarez1_entry_tower_g5_workstationeliteone_800_g8_27_all-in-one_pcproone_400_g4_20-inch_non-touch_all-in-one_business_pcproone_400_g5_20-inch_all-in-one_business_pc260_g3_desktop_mini_pc_firmwarez1_entry_tower_g5_workstation_firmwarezbook_fury_17_g8elitedesk_800_g4_small_form_factor_pcprodesk_680_g4_microtower_pceliteone_800_g6_27_all-in-one_pc_firmwareelitebook_x360_830_g7elitebook_x360_1040_g8probook_450_g5probook_450_g6_firmwareelitebook_836_g6_firmwareelitedesk_880_g4_tower_pceliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmwareelitebook_x360_1030_g7prodesk_400_g6_microtower_pc_firmwareprobook_430_g5_firmwareelitebook_836_g5_firmwareelitebook_x360_1040_g7_firmwareprobook_650_g7_firmwarezbook_17_g5probook_x360_440_g1zhan_66_pro_15_g3_firmwareprodesk_400_g5_microtower_pcprobook_440_g7elitebook_x360_1040_g5elitedesk_800_35w_g4_desktop_mini_pczbook_fury_17_g8_firmwareeliteone_800_g8_27_all-in-one_pc_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmwareelitebook_850_g8prodesk_600_g4_microtower_pcelitebook_x360_1030_g4probook_x360_440_g1_firmwareelitebook_830_g8_firmwareprodesk_600_g4_small_form_factor_pcprodesk_600_g5_microtower_pc_firmwareelitedesk_880_g6_tower_pc_firmwarezbook_15_g5_firmwareelitebook_840_g5_healthcare_edition_firmwareprodesk_400_g6_desktop_mini_pcz1_entry_tower_g6_workstation_firmwareprobook_x360_11_g3_education_edition_firmwareprodesk_400_g5_small_form_factor_pc_firmwarezbook_firefly_14_g7elitebook_840_g6_healthcare_edition_firmwaremp9_g4_retail_systemzbook_fury_15_g8probook_640_g7_firmwareelitebook_840_g6zhan_66_pro_g3_24_all-in-one_pc_firmwareelitebook_x360_830_g8probook_470_g5_firmwareengage_flex_mini_retail_system_firmwareelitebook_850_g8_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pcelitebook_x360_830_g6probook_450_g8prodesk_400_g5_microtower_pc_firmwarezbook_power_15_g8_firmwareelitedesk_880_g5_tower_pc_firmwareprodesk_600_g5_microtower_pc\(with_pci_slot\)_firmwareeliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmwareprobook_x360_11_g4_education_editionzbook_studio_g7prodesk_600_g4_microtower_pc\(with_pci_slot\)elitebook_840_aero_g8_firmwareproone_400_g6_20_all-in-one_pcprodesk_600_g5_microtower_pcprodesk_600_g6_small_form_factor_pcz4_g4_workstation_\(core-x\)_firmwarezbook_fury_15_g7_firmwareprobook_640_g8_firmwarezbook_14u_g5_firmwareprodesk_600_g6_small_form_factor_pc_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwarezbook_studio_x360_g5elitedesk_800_g8_small_form_factor_pc_firmwarez1_g8_tower_desktop_pc_firmwarezbook_15u_g6zbook_studio_x360_g5_firmwareeliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pcelitedesk_800_g8_desktop_mini_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcelitedesk_800_g4_tower_pcelitedesk_880_g5_tower_pczbook_firefly_15_g8elite_dragonfly_max_firmwarezbook_studio_g7_firmwareproone_440_g5_23.8-in_all-in-one_business_pcprobook_x360_11_g6_education_edition_firmwarezbook_firefly_15_g7_firmwarez6_g4_workstationproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pcelitebook_846_g5_firmwareprodesk_600_g5_small_form_factor_pc_firmwareelite_x2_g8_tabletzbook_15u_g5prodesk_600_g6_microtower_pczbook_fury_17_g7elitebook_840_g5_healthcare_editionprodesk_480_g6_microtower_pc_firmwareproone_440_g6_24_all-in-one_pceliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmwareprodesk_400_g4_desktop_mini_pc_firmwareelite_x2_1013_g3_firmwareelitedesk_805_g6_small_form_factor_pcprodesk_400_g5_small_form_factor_pcelitebook_830_g7_firmwarezbook_14u_g6eliteone_1000_g2_23.8-in_touch_all-in-one_business_pcelitebook_850_g6probook_450_g7zbook_15u_g6_firmwareproone_400_g6_24_all-in-one_pc_firmwareelitedesk_880_g4_tower_pc_firmwareprodesk_680_g6_pci_microtower_pc_firmwareprodesk_400_g6_microtower_pcprobook_440_g8prodesk_600_g4_desktop_mini_pcprobook_450_g7_firmwareprobook_640_g5_firmwareprobook_440_g6probook_450_g6prodesk_600_g5_desktop_mini_pc_firmwareprodesk_600_g5_desktop_mini_pcprobook_630_g8probook_650_g8probook_650_g4_firmwarezbook_firefly_15_g8_firmwarezbook_fury_15_g8_firmwareelitedesk_800_g6_small_form_factor_pcprobook_650_g4zhan_x_13_g2probook_650_g5z6_g4_workstation_firmwarezbook_studio_g5prodesk_600_g4_small_form_factor_pc_firmwareelitedesk_800_g8_desktop_mini_pc_firmwarezbook_create_g7elitedesk_805_g8_small_form_factor_pc_firmwarezhan_66_pro_14_g2_firmwareprodesk_600_g4_microtower_pc_firmwareprobook_430_g8zbook_studio_15_g8elitedesk_800_g5_desktop_mini_pc_firmwareprodesk_400_g6_desktop_mini_pc_firmwareelitebook_x360_1040_g7elite_x2_g4prodesk_600_g6_desktop_mini_pc_firmwarezbook_15_g5probook_430_g6eliteone_800_g5_23.8-inch_all-in-one_firmwareelitebook_830_g8elitebook_x360_1030_g3proone_400_g5_23.8-inch_all-in-one_business_pc_firmwareelitedesk_805_g6_desktop_mini_pc_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmwareelitedesk_800_g5_desktop_mini_pcelitedesk_800_g6_small_form_factor_pc_firmwarezhan_x_13_g2_firmwareelitebook_x360_830_g8_firmwareprodesk_600_g6_desktop_mini_pczhan_66_pro_14_g4prodesk_680_g4_microtower_pc\(with_pci_slot\)probook_430_g7probook_450_g8_firmwareproone_400_g5_23.8-inch_all-in-one_business_pcprodesk_680_g4_microtower_pc\(with_pci_slot\)_firmwareelitebook_836_g5elitedesk_800_g5_small_form_factor_pc_firmwareelitedesk_800_g8_tower_pc_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareprodesk_680_g4_microtower_pc_firmwareelitebook_830_g7elitedesk_800_g6_desktop_mini_pcprodesk_400_g7_small_form_factor_pcprobook_650_g7prodesk_400_g7_microtower_pc_firmwareprodesk_600_g6_microtower_pc_firmwareelitedesk_805_g6_desktop_mini_pcprobook_x360_11_g4_education_edition_firmwareelite_x2_g8_tablet_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_pcelite_dragonfly_firmwareelitedesk_800_95w_g4_desktop_mini_pc_firmwareprobook_440_g6_firmwareelitebook_x360_830_g6_firmwareelitebook_840_g8_firmwareelitebook_830_g6_firmwareelitebook_850_g7zhan_66_pro_g3_22_all-in-one_pcelitedesk_805_g6_small_form_factor_pc_firmwareelitebook_x360_1040_g5_firmwareelitedesk_800_g6_tower_pc_firmwarezhan_66_pro_g1_firmwareprobook_x360_11_g5_education_edition_firmwarezbook_firefly_14_g8probook_430_g5probook_430_g7_firmwareelitedesk_800_g6_desktop_mini_pc_firmwareelite_x2_g4_firmwarezbook_power_g7_firmwarezhan_66_pro_13_g2_firmwarezbook_power_15_g8zbook_firefly_14_g8_firmwareelitebook_x360_830_g7_firmwareelite_dragonfly_g2_firmwareelitebook_850_g7_firmwareelitebook_x360_1030_g3_firmwareproone_600_g6_22_all-in-one_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmwareelitedesk_800_g4_workstation_edition_firmwarezhan_66_pro_g3_22_all-in-one_pc_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmwareelitebook_840_g6_healthcare_editioneliteone_1000_g2_23.8-in_all-in-one_business_pcelitebook_840_aero_g8probook_450_g5_firmwarezhan_66_pro_15_g2_firmwarezhan_66_pro_14_g4_firmwarezbook_firefly_15_g7eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pcprodesk_480_g6_microtower_pcz8_g4_workstationzbook_14u_g5eliteone_800_g8_24_all-in-one_pc_firmwareelitedesk_805_g8_desktop_mini_pc_firmwareprodesk_400_g4_desktop_mini_pcelitebook_x360_1030_g8_firmwareprobook_640_g8zhan_66_pro_g1z4_g4_workstation_\(core-x\)mp9_g4_retail_system_firmwareelitebook_840_g7elitebook_840r_g4elitedesk_800_g4_tower_pc_firmwareelitebook_1050_g1prodesk_400_g7_small_form_factor_pc_firmwareengage_flex_mini_retail_systemprodesk_400_g5_desktop_mini_pcelitebook_850_g5z1_g8_tower_desktop_pczbook_power_g7probook_440_g7_firmwareelitedesk_880_g8_tower_pcproone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareelitebook_x360_1040_g6_firmwareproone_600_g5_21.5-in_all-in-one_business_pc_firmwareelitebook_x360_1030_g4_firmwareelitedesk_800_g8_small_form_factor_pczhan_66_pro_14_g3_firmwarezbook_15u_g5_firmwareelitedesk_805_g8_desktop_mini_pcprobook_x360_11_g5_education_editionprobook_440_g8_firmwareelitedesk_800_35w_g4_desktop_mini_pc_firmwareelitebook_830_g5_firmwarezbook_15_g6_firmwareelitedesk_800_g5_tower_pc_firmwareelitebook_840r_g4_firmwareprodesk_405_g8_small_form_factor_pc_firmwareprodesk_480_g7_pci_microtower_pcprodesk_480_g5_microtower_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarezbook_create_g7_firmwareprodesk_400_g5_desktop_mini_pc_firmwareprodesk_400_g6_small_form_factor_pcBUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS
CVE-2017-3210
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-24 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

Action-Not Available
Vendor-portraitPortrait DisplayHP Inc.PhilipsFujitsu Limited
Product-displayview_clickportrait_display_sdkdisplay_assistantmy_displaydisplayview_click_suitesmart_control_premiumSDK
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-16
Not Available
CVE-2017-2740
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 16:00
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.

Action-Not Available
Vendor-HP Inc.
Product-thinproHP ThinPro
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found