This page lists publicly disclosed CVE vulnerabilities affecting hp hp-ux (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-30903 | HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. | [email protected] | 5.5 | 0.16% | 2023-06-16 | 2026-06-17 |
| CVE-2018-5740 | "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. | [email protected] | 7.5 | 59.35% | 2019-01-16 | 2026-06-16 |
| CVE-2016-2776 | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | [email protected] | 7.5 | 89.48% | 2016-09-28 | 2026-06-16 |
| CVE-2016-2775 | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | [email protected] | 5.9 | 63.35% | 2016-07-19 | 2026-06-16 |
| CVE-2015-2126 | Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. | [email protected] | 7.2 | 0.56% | 2015-07-06 | 2026-06-16 |
| CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | [email protected] | 3.7 | 99.86% | 2015-05-20 | 2026-06-16 |
| CVE-2014-7879 | HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. | [email protected] | 8.5 | 4.72% | 2014-12-10 | 2026-06-16 |
| CVE-2014-7877 | Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | [email protected] | 4.9 | 0.61% | 2014-10-30 | 2026-06-16 |
| CVE-2014-7874 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | [email protected] | 6.8 | 1.55% | 2014-10-18 | 2026-06-16 |
| CVE-2014-2490 | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | [email protected] | 9.3 | 6.12% | 2014-07-17 | 2026-06-16 |
| CVE-2013-6209 | Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. | [email protected] | 4.3 | 2.70% | 2014-03-14 | 2026-06-16 |
| CVE-2013-6200 | Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors. | [email protected] | 6.2 | 0.36% | 2014-03-11 | 2026-06-16 |
| CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | [email protected] | 7.8 | 34.15% | 2013-07-29 | 2026-06-16 |
| CVE-2012-1823 KEV | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | [email protected] | 9.8 | 100.00% | 2012-05-11 | 2026-06-16 |
| CVE-2012-0131 | Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | [email protected] | 10.0 | 7.50% | 2012-04-05 | 2026-06-16 |
| CVE-2012-0126 | Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125. | [email protected] | 5.8 | 1.84% | 2012-03-28 | 2026-06-16 |
| CVE-2012-0125 | Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. | [email protected] | 3.3 | 0.44% | 2012-03-28 | 2026-06-16 |
| CVE-2011-2398 | Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors. | [email protected] | 6.8 | 0.31% | 2011-07-11 | 2026-06-16 |
| CVE-2011-0896 | Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors. | [email protected] | 6.8 | 2.92% | 2011-04-14 | 2026-06-16 |
| CVE-2011-0891 | Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors. | [email protected] | 4.4 | 0.28% | 2011-04-04 | 2026-06-16 |