The OVAL Repository
5.6
2015-09-03T08:33:17.069-04:00

HP-UX Running on Itanium Platforms Local Denial of Service (DoS)
HP-UX 11
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
Robert L. Hollis, DRAFT, Matthew Wojcik, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, ACCEPTED

HP-UX PMTUD Remote DoS (B.11.23)
HP-UX 11
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

HP-UX 11.04 Path MTU Discovery Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
HP-UX 11
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running sendmail, Remote Denial of Service (DoS)
HP-UX 11
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Apache HTTP Request Smuggling
HP-UX 11
Apache
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
HP-UX 11
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local Unauthorized Access
HP-UX 11
Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege
HP-UX 11
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX usermod(1M) Local Unauthorized Access.
HP-UX 11
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX running HP CIFS Server (Samba), Remote Unauthorized Access
HP-UX 11
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
Pai Peng, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Usermod Local Unauthorized Access Vulnerability instead of usermod Recursive Ownership Error.
HP-UX 11
Apache
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, Nabil Ouchn, ACCEPTED, ACCEPTED

HP-UX Trusted Mode remshd, Remote Unauthorized Access
HP-UX 11
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Apache HTTP Byte-range DoS Vulnerability
HP-UX 11
Apache
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
HP-UX 11
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
HP-UX 11
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Apache Integer Overflow in pcre_compile.c
HP-UX 11
Apache
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
HP-UX 11
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX 11 Perl rmtree Race Condition
HP-UX 11
Perl
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
HP-UX 11
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX 11.00 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

HP-UX running HP CIFS Server (Samba), Remote Unauthorized Access
HP-UX 11
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
Aslesha Nargolkar, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
HP-UX 11
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
HP-UX 11
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX running Software Distributor (sd), Local Privilege Increase, Unauthorized Access
HP-UX 11
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
HP-UX 11
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
HP-UX 11
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Disclosure of Information, Privilege Escalation
HP-UX 11
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running sendmail, Remote Denial of Service (DoS)
HP-UX 11
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
Aslesha, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX 11.23 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
HP-UX 11
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
HP-UX 11
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Chandan M C, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
HP-UX 11
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819.
NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.Chandan M CDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)HP-UX 11The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.Chandan M CDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized AccessHP-UX 11Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized AccessHP-UX 11Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX 11.11 or 11.23 Path MTU Discovery Attack VulnerabilityHP-UX 11Multiple 
TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX wuftpd Privilege Escalation Vulnerability (B.11.23)HP-UX 11ftpdwu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized AccessHP-UX 11Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized AccessHP-UX 11Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.02)HP-UX 11SambaInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary CodeHP-UX 11The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of PrivilegeHP-UX 11Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Role-Based Access Control (RBAC), Local Unauthorized AccessHP-UX 11Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running XNTP, Remote Execution of Arbitrary CodeHP-UX 11Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike 
CokusINTERIMACCEPTEDJaikumarINTERIMACCEPTEDACCEPTEDHP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary CodeHP-UX 11The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX ttrace(2), Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.Pai PengDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX 11.11 swagentd Denial of ServiceHP-UX 11swagentdUnspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.11)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)HP-UX 11Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java JRE and JDK, Remote Unauthorized AccessHP-UX 11Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)HP-UX 11Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running B6848AB GTK+ Support Libraries, Local Increased PrivilegeHP-UX 11HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in 
/opt/gnome/src/GLib/.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running IPFilter, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)HP-UX 11Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)HP-UX 11The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)HP-UX 11Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a 
single-threaded regular-expression subsystem.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDautomountd can run user programs as root.HP-UX 11Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)HP-UX 11CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Execution of Arbitrary CodeHP-UX 11The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the BIND executableHP-UX 11Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running LDAP-UX, Local Unauthorized AccessHP-UX 11Unspecified vulnerability in HP LDAP-UX 
vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS)HP-UX 11The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running CDE, Local Increased Privilege, Denial of Service (DoS)HP-UX 11Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)HP-UX 11mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running xterm Local Unauthorized AccessHP-UX 11Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running ftpd, Remote Privileged AccessHP-UX 11ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the BIND executableHP-UX 11Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX 11.11 or 11.23 ICMP Source Quench Attack VulnerabilityHP-UX 11Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running CDE, Local Increased Privilege, Denial of Service (DoS)HP-UX 11Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running ARPA Transport, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized AccessHP-UX 11The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDThe vacation program erroneously passes parameters to sendmail.HP-UX 11Vacation program allows command execution by remote users through a sendmail command.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.23)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running rpcbind, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running Java JRE and JDK, Remote UnauthorizedHP-UX 11Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS)HP-UX 11Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDPotential Sec. Vulnerability in Java VM, JSSE, Plug-in,
and Webstart. (rev.1)HP-UX 11X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)HP-UX 11Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)HP-UX 11Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar 
SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Using libc, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMPrashant KumarACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the BIND executableHP-UX 11Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDsendmail release 8.8.6 causes Denial of Service failures.HP-UX 11Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running System Administration Manager (SAM), Unintended Remote AccessHP-UX 11Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary CodeHP-UX 11Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Software Distributor Local Elevation of PrivilegeHP-UX 11Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s 
argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHPUX Running useradd(1M), Local Unauthorized AccessHP-UX 11Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX newgrp(1), Local Increased PrivilegeHP-UX 11Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX libDtSvc, Local Increase in PrivilegeHP-UX 11Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running shar(1), Local Execution of Arbitrary CodeHP-UX 11shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDBuffer overflows in Software Distributor (SD) commands.HP-UX 11Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running bootpd, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant 
KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running logins(1M), Remote Unauthorized AccessHP-UX 11The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Ignite-UX, Remote Unauthorized AccessHP-UX 11HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS)HP-UX 11Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running Apache, Remote Execution of Arbitrary CodeHP-UX 11The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. 
NOTE: there are limited usage scenarios under which this would be a vulnerability.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDThe Xserver was built incorrectly for HP-UX 11.22.HP-UX 11The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDAn rlpdaemon logic flaw vulnerability has been reported to us that may allow a remote or local attacker to execute arbitrary code with superuser privilege.HP-UX 11RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote DNS Cache PoisoningHP-UX 11The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."Michael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running TCP/IP Remote Denial of Service (DoS)HP-UX 11HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running sort, Remote Unauthorized Access, Denial of Service (DoS)HP-UX 11The 
"file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDThe SharedX program recserv is vulnerable to a denial of service attack.HP-UX 11Denial of service in HP-UX SharedX recserv program.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Portable File System (PFS), Remote Increase in PrivilegeHP-UX 11Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX running X.25 Local Denial of Service (Dos)HP-UX 11Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.Michael WoodMichael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Kernel Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDA TCP SYN packet with target host's address as both source and destination can cause system hangs.HP-UX 11A later variation on the Teardrop IP denial of service attack, a.k.a. 
Teardrop-2.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized AccessHP-UX 11Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDThe NSAPI plugin versions of the TGA and the Java Servlet proxy demonstrate high CPU utilization under certain conditions.HP-UX 11The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization).Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running rpc.yppasswdd, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary CodeHP-UX 11Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDThe lpspool subsystem has various security oriented defects.HP-UX 11Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.Michael 
WoodDRAFTINTERIMACCEPTEDACCEPTED/opt/audio/bin/Aserver can be used to gain root access.HP-UX 11The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDA TCP SYN packet with target host's address as both source and destination can cause system hangs.HP-UX 11Land IP denial of service.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running DCE, Remote Denial of Service (DoS)HP-UX 11Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running ftpd Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX ftpd, Remote Privileged AccessHP-UX 11Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDOnLineJFS sticky bit does not function properly.HP-UX 11JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit 
functionality, which could allow attackers to bypass intended restrictions on filesystems.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDecsd has a user authorization problem.HP-UX 11HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the '-restore_config' command line parameter.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running ARPA Transport, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running BIND v9.2.0, Remote Denial of Service (DoS)HP-UX 11Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running rpcbind Software, Denial of Service (DoS)HP-UX 11rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via malformed RPC portmap requests, possibly related to a buffer overflow.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX mkdir(1) Local Unauthorized AccessHP-UX 11Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Java Web Start, Remote Unauthorized Privileged AccessHP-UX 11The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to 
load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated PrivilegesHP-UX 11Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized AccessHP-UX 11The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized AccessHP-UX 11Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege ElevationHP-UX 11Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 
allows remote attackers to "gain root access" via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running login(1), Local Increased PrivilegeHP-UX 11Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDdtterm has misuse potential.HP-UX 11Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in auto_parms and set_parmsHP-UX 11Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Advanced Server/9000 for HP-UX (AS/U) RFC-Netbios, Remote Denial of Service (DoS)HP-UX 11RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary CodeHP-UX 11Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running IPSec, Remote Denial of Service (DoS)HP-UX 11Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 
5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running Software Distributor (SD) Remote Unauthorized AccessHP-UX 11Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDKermit communications software contains a buffer overflow.HP-UX 11Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.Michael WoodDRAFTINTERIMACCEPTEDACCEPTED/opt/audio/bin/Aserver can be used to gain root access.HP-UX 11HP-UX aserver program allows local users to gain privileges via a symlink attack.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated PrivilegesHP-UX 11Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX kmmodreg (1M), Local Denial of Service (DoS), Increased PrivilegeHP-UX 11kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 
and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running ARPA Transport, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running SD, Local Unauthorized Access, Denial of Service (DoS)HP-UX 11Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running newgrp(1), Local Privilege ElevationHP-UX 11Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDCertain files used by the asecure program have unsafe permissions.HP-UX 11asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running IPSec, Remote Unauthorized AccessHP-UX 11Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDPotential buffer overflow in rexec(1)HP-UX 11Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.Michael 
WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary CodeHP-UX 11Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running HP Secure Shell, Remotely Gain Extended PrivilegesHP-UX 11ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running LDAP-UX Integration, Remote Increased PrivilegeHP-UX 11Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDThere is a potential buffer overflow in /usr/bin/stmkfont.HP-UX 11Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running ptrace(2), Local Denial of Service (DoS)HP-UX 11ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDA TCP SYN packet with target host's address as both source and destination can cause system hangs.HP-UX 
11Teardrop IP denial of service.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDshutdown(1M) improperly handles input variables.HP-UX 11Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDttsession uses weak RPC authentication mechanismHP-UX 11The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Software Distributor Local Elevation of PrivilegeHP-UX 11Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running useradd(1M), Local Unauthorized AccessHP-UX 11Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX in Trusted mode, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDVarious remote network commands have security defects.HP-UX 11Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.Michael WoodDRAFTINTERIMACCEPTEDACCEPTED/opt/audio/bin/Aserver can be used to gain root access.HP-UX 11The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH 
which aserver uses to find the ps and grep commands.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Aries PA Emulator, Local Unauthorized AccessHP-UX 11Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDSecurity Vulnerability during ftp operations.HP-UX 11ftp on HP-UX 11.00 allows local users to gain privileges.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX stmkfont Local Unauthorized Privileged AccessHP-UX 11stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running rlpdaemon, Remote Unauthorized Access, Increased PrivilegeHP-UX 11Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized AccessHP-UX 11Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX passwd(1), Local Denial of Service (DoS)HP-UX 11Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of 
service.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration ChangeHP-UX 11The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.Michael WoodDRAFTMichael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)HP-UX 11Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache with PHP, Remote Execution of Arbitrary CodeHP-UX 11The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDThe inet server (inetd) on HP-UX can be hung by malicious users.HP-UX 11Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running the LP Subsystem, remote Denial of Service (DoS)HP-UX 
11Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running ndd(1M), Local Denial of Service (DoS)HP-UX 11Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDBuffer overflow vulnerability in the CDE Calendar Manager Service Daemon, rpc.cmsd.HP-UX 11Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running dlkm, Local Unauthorized Increase in PrivilegeHP-UX 11Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX, Local Denial of Service (DoS)HP-UX 11The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running Software Distributor (SD), Local Increased Privileges.HP-UX 11Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX ftpd, Remote Unauthorized AccessHP-UX 11Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX 
Running wall(1), Local Privilege Increase, Denial of Service (DoS)HP-UX 11Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running ARPA Transport, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running System Administration Manager (SAM), Local Elevation of PrivilegeHP-UX 11Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running ARPA Transport Software, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running XNTP, Remote Execution of Arbitrary CodeHP-UX 11Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.Pai PengDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDJaikumarINTERIMACCEPTEDACCEPTEDSecurity restrictions are not consistently enforced when starting applications under HP-UX 11.20.HP-UX 11geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.Michael 
WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)HP-UX 11Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDFixes a problem with the e-mail or modem traffic to and from on-site customer machines and Response Center Predictive machines.HP-UX 11Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDthe ied(1) command reveals data improperly.HP-UX 11Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDrpc.pcnfsd has an error in its use of the spool directoryHP-UX 11rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running ftp, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running ARPA Transport, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 
allows remote attackers to cause an unspecified denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running ARPA Transport, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDDomain Enterprise Server Management System (DESMS) processes allow increased privileges.HP-UX 11Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDthe top(1) command has a security defect.HP-UX 11Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running dtmail, Local Execution of Arbitrary CodeHP-UX 11Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running setrlimit(1M), Denial of Service (DoS)HP-UX 11setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.Michael WoodDRAFTINTERIMMichael WoodACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running Partition Manager parmgr (1M), Remote Unauthorized AccessHP-UX 11Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows 
attackers to obtain sensitive data or gain privileges.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)HP-UX 11Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX 11.11, 11.23 Blind Connection Reset Attack VulnerabilityHP-UX 11Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDThe Audio Security File is world writable.HP-UX 11HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Software Distributor Local Elevation of PrivilegeHP-UX 11Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. 
NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX running xntpd, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX LP subsystem, Local Denial of Service (DoS)HP-UX 11Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).Michael WoodDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.00)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.11)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX 11.04 Blind Connection Reset Attack VulnerabilityHP-UX 11Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." 
NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.04)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX 11.23 Path MTU Discovery Attack VulnerabilityHP-UX 11Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX AutoRAID Critical Functionality IssueHP-UX 11AutoRAID ManagerPossible unknown vulnerability or vulnerabilities in HP DiskArray Utilities with AutoRAID Manager.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX 11.04 swagentd Denial of ServiceHP-UX 11swagentdUnspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX OpenSSL Vulnerability (DHE man-in-the-middle protection (Logjam))HP-UX 11The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.JaikumarDRAFTDRAFTHP-UX OpenSSL Vulnerability (CMS verify infinite loop with unknown hash function)HP-UX 11The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.JaikumarDRAFTDRAFTHP-UX Running BIND, Remote Denial of Service (DoS)HP-UX 11name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure 
and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of Service (DoS)HP-UX 11named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX OpenSSL Vulnerability (Race condition handling NewSessionTicket)HP-UX 11Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.JaikumarDRAFTDRAFTHP-UX OpenSSL Vulnerability (PKCS7 crash with missing EnvelopedContent)HP-UX 11The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.JaikumarDRAFTDRAFTHP-UX OpenSSL Vulnerability (Malformed ECParameters causes infinite loop)HP-UX 11The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve 
algorithm, as demonstrated by an attack against a server that supports client authentication.JaikumarDRAFTDRAFTHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX OpenSSL Vulnerability (Exploitable out-of-bounds read in X509_cmp_time)HP-UX 11The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.JaikumarDRAFTDRAFTHP-UX OpenSSL Vulnerability (Alternative Chain Certificate Forgery)HP-UX 11The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.JaikumarDRAFTDRAFTHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute 
arbitrary code via a large regular expression that leads to a heap-based buffer overflow.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Use-after-free vulnerability in the process_nested_data function in 
ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 
8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDCIFS Server (Samba) Vulnerability on HPUXHP-UX 11The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon 
packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.JaikumarDRAFTINTERIMJaikumar KulkarniACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDSymmetric-Key feature allows denial of serviceHP-UX 11The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a 
timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running NTP. These
could be exploited remotely to execute code, create a Denial of Service (DoS), or other
vulnerabilities.HP-UX 11The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.JaikumarMike CokusACCEPTEDJaikumarINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running NTP. These
could be exploited remotely to execute code, create a Denial of Service (DoS), or other
vulnerabilities.HP-UX 11util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.JaikumarMike CokusACCEPTEDJaikumarINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running NTP. These
could be exploited remotely to execute code, create a Denial of Service (DoS), or other
vulnerabilities.HP-UX 11** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.JaikumarMike CokusACCEPTEDJaikumarINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDSymmetric-Key feature allows MAC address spoofing.HP-UX 11The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running NTP. These
could be exploited remotely to execute code, create a Denial of Service (DoS), or other
vulnerabilities.HP-UX 11The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.JaikumarMike CokusACCEPTEDJaikumarINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running NTP. These
could be exploited remotely to execute code, create a Denial of Service (DoS), or other
vulnerabilities.HP-UX 11Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.JaikumarMike CokusACCEPTEDJaikumarINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.JaikumarDRAFTINTERIMJaikumar KulkarniACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other VulnerabilitiesHP-UX 11The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other VulnerabilitiesHP-UX 11sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND Remote Denial of Service (DoS)HP-UX 11Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.PuneethDRAFTINTERIMPrashant KumarACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDA potential security vulnerability has been identified in the HP-UX running PAM using
libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain
authentication restrictions.HP-UX 11HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.Prashant KumarPrashant KumarMike CokusMike CokusACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running BIND Remote Denial of Service (DoS)HP-UX 11ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.PuneethDRAFTINTERIMPrashant KumarACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified with HP-UX running OpenSSL.
These vulnerabilities could be exploited remotely to create a remote Denial of Service
(DoS) and other vulnerabilities.HP-UX 11Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other VulnerabilitiesHP-UX 11The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.JaiKumarDRAFTINTERIMACCEPTEDACCEPTEDPotential security vulnerabilities have been identified in the Java Runtime
Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities
could allow remote unauthorized access, disclosure of information, and other
vulnerabilities.HP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other VulnerabilitiesHP-UX 11The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect 
confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.Ganesh ManalDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDJRE and JDK Vulnerability on HPUXHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) AttackHP-UX 11OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) AttackHP-UX 11The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of 
Service (DoS) and Other VulnerabilitiesHP-UX 11Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running System Management Homepage (SMH), Remote Cross-Site Request ForgeryHP-UX 11Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX kernel, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote 
Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified 
vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running OpenSSL, Multiple VulnerabilitiesHP-UX 11Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running OpenSSL, Multiple VulnerabilitiesHP-UX 11d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. 
Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified 
vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running OpenSSL, Multiple VulnerabilitiesHP-UX 11The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running OpenSSL, Multiple 
VulnerabilitiesHP-UX 11The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via 
unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to 
affect confidentiality and integrity via vectors related to JNDI.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary CodeHP-UX 11Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized AccessHP-UX 11Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and 
availability via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary CodeHP-UX 11Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running OpenSSL, Multiple VulnerabilitiesHP-UX 11Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other VulnerabilitiesHP-UX 11The openssl_x509_parse function 
in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect 
confidentiality, integrity, and availability via unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 
11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized AccessHP-UX 11The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) AttackHP-UX 11Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The unpacker::redirect_stdio function in unpack.cpp in 
unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and 
Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of 
Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized AccessHP-UX 11Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors 
related to 2D.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDRemote Code Execution or Unauthorized AccessHP-UX 11The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDRemote Denial of Service (DoS)HP-UX 11The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces 
via a FLUSH+RELOAD cache side-channel attack.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDRemote Denial of Service (DoS)HP-UX 11The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDRemote Unauthorized AccessHP-UX 11The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDRemote Unauthorized Access or Disclosure of InformationHP-UX 11OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.Prashant KumarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.Sushant Kumar SinghDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, 
Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.Sushant Kumar SinghDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX m4(1), Local Unauthorized AccessHP-UX 11Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.Ganesh ManalDRAFTINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Whitelisting (WLI), Local Unauthorized AccessHP-UX 11Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.Sushant Kumar SinghDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to 
Security.Sushant Kumar SinghDRAFTSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Sushant Kumar SinghDRAFTSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.Sushant Kumar SinghDRAFTSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.Sushant Kumar SinghDRAFTSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and 
availability via unknown vectors related to 2D.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Sushant Kumar
Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure
of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other
Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.
Sushant
Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
HP-UX 11
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
Sushant Kumar Singh DRAFT INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike
Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified
vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and
earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
HP-UX 11
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Sushant Kumar Singh DRAFT INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Sushant
Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
HP-UX 11
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
Sushant Kumar Singh DRAFT INTERIM ACCEPTED Prashant
Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running BIND, Remote Denial of Service (DoS)
HP-UX 11
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
Sushant Kumar Singh DRAFT INTERIM ACCEPTED Prashant
Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running OpenSSL, Remote Unauthorized Access
HP-UX 11
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike
Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Sushant Kumar Singh DRAFT Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX 11.23 Blind Connection Reset Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L.
Hollis DRAFT INTERIM ACCEPTED Matthew Wojcik INTERIM ACCEPTED Todd Dolinsky INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sushant Kumar Singh INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in
Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of
Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running BIND, Remote Domain Name Revalidation
HP-UX 11
The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike
Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2012-1721.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Ganesh Manal DRAFT INTERIM ACCEPTED Sushant Kumar Singh INTERIM Sushant Kumar Singh ACCEPTED Prashant Kumar INTERIM ACCEPTED Mike Cokus INTERIM ACCEPTED ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified
vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running BIND, Remote Denial of Service (DoS), Authentication Bypass
HP-UX 11
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
HP-UX 11
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact
and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score.
If so, then this is not a vulnerability and this issue should not be included in CVE.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
HP-UX 11
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
HP-UX 11
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running BIND, Remote Denial of Service (DoS), Authentication Bypass
HP-UX 11
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to
HotSpot.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running BIND, Remote Denial of Service (DoS), Authentication Bypass
HP-UX 11
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
HP-UX 11
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
HP-UX 11
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and
availability via unknown vectors.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS)
HP-UX 11
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
HP-UX 11
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to
trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS)
HP-UX 11
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Xserver, Remote Execution of Arbitrary Code
HP-UX 11
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS)
HP-UX 11
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP Serviceguard, Remote Denial of Service (DoS)
HP-UX 11
Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS)
HP-UX 11
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation
fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
HP-UX 11
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect
confidentiality, related to JMX.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
HP-UX 11
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
HP-UX 11
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
HP-UX 11
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX Running Xserver, Remote Execution of Arbitrary Code
HP-UX 11
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap
corruption.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS)
HP-UX 11
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in
the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
HP-UX 11
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Xserver, Remote Execution of Arbitrary Code
Platform: HP-UX 11
Description: The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Contributors and status: Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
Platform: HP-UX 11
Description: Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
Contributors and status: Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

Title: HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
Platform: HP-UX 11
Description: Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality
via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
Platform: HP-UX 11
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS)
Platform: HP-UX 11
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Platform: HP-UX 11
Description: crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability
via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
Platform: HP-UX 11
Description: The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability
in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data
Platform: HP-UX 11
Description: Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS)
Platform: HP-UX 11
Description: Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV
calculation.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data
Platform: HP-UX 11
Description: Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
Platform: HP-UX 11
Description: Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX 11.11 Path MTU Discovery Attack Vulnerability
Platform: HP-UX 11
Description: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability.
While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Contributors and status: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Platform: HP-UX 11
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running HP Secure Shell, Remote Denial of Service (DoS)
Platform: HP-UX 11
Description: The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Contributors and status: Ganesh Manal, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Title: HP-UX Running Java, Remote Unauthorized Access,
Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS)HP-UX 11The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, 
Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of Service (DoS)HP-UX 11libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant 
KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of InformationHP-UX 11Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 
Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of Service (DoS)HP-UX 11The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 
Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Xserver, Remote Execution of Arbitrary CodeHP-UX 11X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.Ganesh ManalDRAFTGanesh ManalINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect 
confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and 
OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication BypassHP-UX 11OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDCIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)HP-UX 11Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS)HP-UX 11Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow 
remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.Ganesh ManalDRAFTGanesh ManalINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS)HP-UX 11mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect 
confidentiality, integrity, and availability via unknown vectors related to the Java installer.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 
Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error between the JRE plug-in for WebKit-based browsers and the JavaScript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use-after-free.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS)HP-UX 11Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction BypassHP-UX 11PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.Ganesh 
ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access permission checks."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized DisclosureHP-UX 11OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike 
CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilitiesHP-UX 11The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. 
NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in 
February 2013.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 
38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) 
component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 
Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the 
query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 
33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of Service (DoS), Authentication BypassHP-UX 11ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilitiesHP-UX 11The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike 
CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Denial of Service (DoS)HP-UX 11The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.Ganesh ManalDRAFTGanesh ManalINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. 
NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)HP-UX 11Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."Ganesh ManalDRAFTGanesh ManalINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.Ganesh 
ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and 
integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and 
earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilitiesHP-UX 11org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary CodeHP-UX 11Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote 
Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
HP-UX 11
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access
HP-UX 11
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.
Ganesh Manal; DRAFT; Ganesh Manal; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
HP-UX 11
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Directory Server, Remote Disclosure of Information
HP-UX 11
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Xserver, Remote Execution of Arbitrary Code
HP-UX 11
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
Ganesh Manal; DRAFT; Ganesh Manal; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
Ganesh Manal; DRAFT; Ganesh Manal; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
HP-UX 11
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
HP-UX 11
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED; Sushant Kumar Singh; INTERIM; Sushant Kumar Singh; ACCEPTED; Prashant Kumar; INTERIM; ACCEPTED; Mike Cokus; INTERIM; ACCEPTED; ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS)HP-UX 11The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running DCE, Remote Denial of Service (DoS)HP-UX 11Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Ganesh ManalDRAFTGanesh ManalINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized AccessHP-UX 11The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 
and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote 
Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized AccessHP-UX 11The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified 
vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Directory Server, Remote Disclosure of InformationHP-UX 11389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. 
NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in 
Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilitiesHP-UX 11java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication BypassHP-UX 11OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote 
attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of PrivilegeHP-UX 11protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors.Ganesh ManalDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of PrivilegesHP-UX 11The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, 
Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Xserver, Remote Execution of Arbitrary CodeHP-UX 11Buffer overflow in (1) X.Org Xserver before 1.4.1, and 
(2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass
HP-UX 11
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
HP-UX 11
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
HP-UX 11
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX ttrace(2), Local Denial of Service (DoS)
HP-UX 11
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
HP-UX 11
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
HP-UX 11
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
HP-UX 11
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
HP-UX 11
Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
HP-UX 11
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
HP-UX 11
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
HP-UX 11
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS)
HP-UX 11
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
HP-UX 11
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
HP-UX 11
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
HP-UX 11
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
Ganesh Manal, DRAFT, Ganesh Manal, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, ACCEPTED

HP-UX running perl, Remote Denial of Service (DoS)
HP-UX 11
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Apache Web Server, Remote Denial of Service (DoS)
HP-UX 11
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Ganesh Manal, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilitiesHP-UX 11org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other VulnerabilitiesHP-UX 11Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."Ganesh ManalDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX 11.11 ICMP Source Quench Attack VulnerabilityHP-UX 11Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. 
While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX 11.00 Path MTU Discovery Attack VulnerabilityHP-UX 11Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWU-FTPD "glob-*" Remote DoS Vulnerability (B.11.11)HP-UX 11ftpdThe wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX 11.00 Blind Connection Reset Attack VulnerabilityHP-UX 11Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX su(1) Local Unauthorized AccessHP-UX 11Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDWebproxy Off-by-One Error in mod_ssl CRLHP-UX 11ApacheOff-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX AutoRAID Critical Functionality IssueHP-UX 11AutoRAID ManagerPossible unknown vulnerability or vulnerabilities in HP DiskArray Utilities with AutoRAID Manager.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDWebproxy CGI Byterange Request DoSHP-UX 11ApacheThe byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDVirusVault Off-by-One Error in mod_ssl CRLHP-UX 11ApacheOff-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDpasswd Local DoS Vulnerability (B.11.23)HP-UX 11/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDpasswd Local DoS Vulnerability (B.11.11)HP-UX 11/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVirusVault Integer Overflow in pcre_compileHP-UX 11ApacheInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX wuftpd Privilege Escalation Vulnerability (B.11.00)HP-UX 11ftpdwu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX wuftpd Privilege Escalation Vulnerability (B.11.22)HP-UX 11ftpdwu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWebproxy HTTP Request SmugglingHP-UX 11ApacheThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.11)HP-UX 11Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX Local Increased PrivilegeHP-UX 11Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX SIM Hangs MS-IE Due to MS04-025 ChangesHP-UX 11Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX Shared Library Privilege Escalation Vulnerability (B.11.00)HP-UX 11Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX Trusted Mode remshd Remote Unauthorized Access (B.11.23)HP-UX 11remshdUnknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX envd, Local Execution of Privileged CodeHP-UX 11envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDLeaking GSSAPI Credentials Vulnerability (B.11.00/B.11.11)HP-UX 11SecureShellsshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.22)HP-UX 11Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDzlib Compression Remote DoS Vulnerability (B.11.00/B.11.11)HP-UX 11SecureShellzlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.11-IPSEC)HP-UX 11Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVirusVault HTTP Request SmugglingHP-UX 11ApacheThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWebproxy Integer Overflow in pcre_compileHP-UX 11ApacheInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)HP-UX 11Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Denial of Service (DoS)HP-UX 11The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)HP-UX 11Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)HP-UX 11Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the 
MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote 
Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Denial of Service (DoS)HP-UX 11The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Denial of Service (DoS)HP-UX 11Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? 
sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary CodeHP-UX 11Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Denial of Service (DoS)HP-UX 11The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)HP-UX 11native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in 
Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Denial of Service (DoS)HP-UX 11Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? 
sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX xterm Privilege Escalation Vulnerability (B.11.11)HP-UX 11Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.Robert L. 
HollisDRAFTMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01)HP-UX 11SambaInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)HP-UX 11The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)HP-UX 11Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant 
Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Shared Library Privilege Escalation Vulnerability (B.11.11)HP-UX 11Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Containers (SRP), Local Unauthorized Access and Increased PrivilegesHP-UX 11Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.Yamini Mohan RDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.11)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running System Administration Manager (SAM), Local Increase in PrivilegeHP-UX 11Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of Service (DoS)HP-UX 11query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX envd Local Execution of Privileged Code (B.11.00)HP-UX 11envdenvd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX passwd(1) Local Denial of Service (DoS)HP-UX 11/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.23-IPSEC)HP-UX 11Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of Service (DoS)HP-UX 11Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)HP-UX 11Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDApache mod_ssl CRL off-by-one DoSHP-UX 11ApacheOff-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDLeaking GSSAPI Credentials Vulnerability (B.11.23)HP-UX 11SecureShellsshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDWU-FTPD "glob-*" Remote DoS Vulnerability (B.11.00)HP-UX 11ftpdThe wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)HP-UX 11The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the 
doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)HP-UX 11Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDMozilla IDN heap overrun using soft-hyphensHP-UX 11mozillaBuffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the 
Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)HP-UX 11Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running CDE Calendar Manager, Remote Execution of Arbitrary CodeHP-UX 11Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. 
Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data AccessHP-UX 11The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)HP-UX 11The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)HP-UX 11The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as 
demonstrated using 2.2250738585072012e-308.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDWU-FTPD "glob-*" Remote DoS Vulnerability (B.11.23)HP-UX 11ftpdThe wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDzlib Compression Remote DoS Vulnerability (B.11.23)HP-UX 11SecureShellzlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS)HP-UX 11Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of 
Service (DoS)HP-UX 11named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar 
SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)HP-UX 11Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDVirusVault CGI Byterange Request DoSHP-UX 11ApacheThe byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDCIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)HP-UX 11Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.Sudha AkulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS)HP-UX 11The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.Sudha AkulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11The Apache HTTP Server 2.2.11 and earlier 
2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDWebproxy HTTP Request Smuggling (B.11.04)HP-UX 11ApacheThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."Robert L. 
HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.K, 
BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)HP-UX 11The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos 
configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Denial of Service (DoS)HP-UX 11The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms 
allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 
and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote Compromise of NXDOMAIN Responses.HP-UX 11ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local Unauthorized AccessHP-UX 11Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar 
SinghINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)HP-UX 11Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)HP-UX 11Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX, Local Denial of Service (DoS)HP-UX 11Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other VulnerabilitiesHP-UX 11Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Kerberos, Remote Unauthorized Modification.HP-UX 11MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.10.24)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary 
directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX Running BIND, Remote DNS Cache PoisoningHP-UX 11The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other VulnerabilitiesHP-UX 11The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. 
NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.Yamini Mohan RDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other VulnerabilitiesHP-UX 11Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running NFS/ONCplus, NFS Inadvertently EnabledHP-UX 11The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.Aslesha NargolkarDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in PrivilegeHP-UX 11Format string vulnerability in the 
_msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Threaded Processes, Remote Denial of Service (DoS)HP-UX 11HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.K, BalamuruganDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Kerberos, Remote Unauthorized Modification.HP-UX 11MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other VulnerabilitiesHP-UX 11Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant 
KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.HP-UX 11Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."Varun NarulaDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other VulnerabilitiesHP-UX 11Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other VulnerabilitiesHP-UX 11Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.Aslesha NargolkarDRAFTINTERIMACCEPTEDSushant Kumar SinghINTERIMSushant Kumar SinghACCEPTEDPrashant KumarINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDHP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of 
Information, and Other Vulnerabilities.
HP-UX 11
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Varun Narula, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access.
HP-UX 11
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Varun Narula, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX running AudFilter rules enabled, Local Denial of Service (DoS)
HP-UX 11
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
Aslesha Nargolkar, DRAFT, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX 11.11 Blind Connection Reset Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Nabil Ouchn, INTERIM, Matthew Wojcik, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Aslesha Nargolkar, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
HP-UX 11
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Varun Narula, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
HP-UX 11
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
Varun Narula, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
Aslesha Nargolkar, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
HP-UX 11
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
Varun Narula, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
HP-UX 11
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
Varun Narula, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX Trusted Mode remshd Remote Unauthorized Access (B.11.11)
HP-UX 11
remshd
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

HP-UX wuftpd Privilege Escalation Vulnerability (B.11.11)
HP-UX 11
ftpd
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
HP-UX 11
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Aslesha Nargolkar, DRAFT, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, Sushant Kumar Singh, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

HP-UX 11.04 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Nabil Ouchn, INTERIM, Matthew Wojcik, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

usermod Recursive Ownership Error (B.11.23)
HP-UX 11
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Nabil Ouchn, INTERIM, ACCEPTED, ACCEPTED

HP-UX Running swagentd Remote Denial of Service (DoS)
HP-UX 11
Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, Sushant Kumar Singh, INTERIM, ACCEPTED, ACCEPTED

HP-UX ftpd Remote Unauthorized Data Access (B.11.04)
HP-UX 11
ftpd
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED
K70-COMJre70.JRE70-IPF32Jre70.JRE70-IPF64-HSJdk70.JDK70-IPF64NTP.NTP-AUXPHNE42470Networking.NET2-KRNNTP.NTP-RUNOS-Core.CORE2-KRNOS-Core.CORE2-KRNOS-Core.SYS2-ADMINNetworking.NET-RUN-64Networking.NET2-RUNNetworking.NMS2-KRNNetworking.NET-RUNNetworking.NMS2-KRNNetworking.NET-RUN-64ProgSupport.C-INCOS-Core.SYS2-ADMINNetworking.NET2-KRNNetworking.NET-PRGNTP.INETSVCS2-BOOTOS-Core.SYS-ADMINNetworking.NET2-RUNPHSS43202PHSS43134PHSS43355hpuxws22TOMCAT.TOMCATDCE-Core.DCE-COR-IA-RUNPHSS42865DCE-Core.DCE-CORE-RUNDCE-Core.DCE-COR-PA-RUNDCE-Core.DCE-IA64-SHLIBPHSS42852DCE-CoreAdmin.DCE-CDSBROWSERDCE-Core.DCE-COR-64SLIBDCE-Core.DCE-CORE-RUNDCE-C-Tools.DCE-TOOLS-LIBDCE-Core.DCE-CORE-SHLIBDCE-Core.DCE-CORE-DTSDCE-Core.DCE-CORE-DTSPHSS42853PHSS42866DCE-SEC-Server.SEC-SERVERDCE-CoreTools.DCE-BPRGDCE-Core.DCE-CORE-SHLIBDCE-CDS-Server.CDS-SERVERDCE-Core.DCE-BPRGDCE-Core.DCE-COR-64SLIBopenssl.OPENSSL-DOCopenssl.OPENSSL-CONFopenssl.OPENSSL-INCopenssl.OPENSSL-DOCopenssl.OPENSSL-SRCopenssl.OPENSSL-RUNopenssl.OPENSSL-MANopenssl.OPENSSL-CERopenssl.OPENSSL-MISopenssl.OPENSSL-MISopenssl.OPENSSL-INCopenssl.OPENSSL-LIBopenssl.OPENSSL-CERopenssl.OPENSSL-LIBopenssl.OPENSSL-INCopenssl.OPENSSL-MISopenssl.OPENSSL-SRCopenssl.OPENSSL-PVTopenssl.OPENSSL-PRNGopenssl.OPENSSL-DOCopenssl.OPENSSL-PRNGopenssl.OPENSSL-PVTopenssl.OPENSSL-LIBopenssl.OPENSSL-CONFopenssl.OPENSSL-MANopenssl.OPENSSL-RUNopenssl.OPENSSL-PVTopenssl.OPENSSL-CERopenssl.OPENSSL-RUNopenssl.OPENSSL-MANopenssl.OPENSSL-CONFopenssl.OPENSSL-SRCopenssl.OPENSSL-PRNGHpuxDirSvr.ADMSVR-RUNHpuxDirSvr.SLAPD-DEVELHpuxDirSvr.GUI-HELPHpuxDirSvr.SLAPD-RUNHpuxDirSvr.GUI-SHAREDHpuxDirSvr.GUI-RUNHpuxDirSvr.SLAPD-SHAREDHpuxDirSvr.CORE-RUNHpuxDirSvr.ADMSVR-SHAREDhpuxwsAPACHE.MOD_JKhpuxws22APCH32.MOD_JKhpuxws22APCH32.AUTH_LDAP2hpuxwsAPACHE.MOD_JK2hpuxws22APCH32.WEBPROXY2hpuxws22APCH32.MOD_PERL2hpuxws22APCH32.MOD_JK2hpuxws22APCH32.PHPhpuxwsAPACHE.APACHE2hpuxwsAPACHE.PHP2hpuxws22APCH32.MOD_PERLhpuxwsAPACHE.WEBPROXYhpuxwsAPACHE.AUTH_LDAPhpuxwsAPACHE.AUTH_LDAP2hpux
wsAPACHE.MOD_PERLhpuxwsAPACHE.PHPhpuxws22APCH32.APACHEhpuxws22APCH32.AUTH_LDAPhpuxws22APCH32.WEBPROXYhpuxws22APCH32.PHP2hpuxwsAPACHE.MOD_PERL2hpuxws22APCH32.APACHE2hpuxwsAPACHE.APACHENFS.NIS-SERVERNFS.NIS2-CLIENTNFS.NFS2-SERVERNFS.NFS-KRNNFS.NFS-CLIENTNFS.NFS-CORENFS.NIS-CORENFS.NFS-SERVERNFS.NIS2-CORENFS.KEY-CORENFS.NFS2-CORENFS.NFS-64SLIBNFS.NFS-64ALIBNFS.NFS-PRGNFS.NFS2-CLIENTNFS.NFS2-PRGNFS.NIS-CLIENTNFS.NFS-SHLIBSNFS.NIS2-SERVERCIFS-Server.CIFS-MANCIFS-Development.CIFS-PRGCIFS-Server.CIFS-DOCCIFS-Server.CIFS-LIBCIFS-Server.CIFS-MANCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-DOCCIFS-Server.CIFS-LIBCIFS-Server.CIFS-UTILCIFS-Server.CIFS-UTILCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-DOCCIFS-CFSM.CFSM-MANCIFS-Development.CIFS-PRGCIFS-Server.CIFS-RUNCIFS-CFSM.CFSM-KRNCIFS-Server.CIFS-RUNCIFS-Server.CIFS-MANCIFS-Development.CIFS-PRGCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-UTILCIFS-Server.CIFS-UTILCIFS-Server.CIFS-RUNCIFS-Server.CIFS-LIBCIFS-Server.CIFS-ADMINCIFS-CFSM.CFSM-RUNCIFS-Server.CIFS-RUNCIFS-Server.CIFS-DOCCIFS-Server.CIFS-LIBCIFS-Development.CIFS-PRGPHSS38840URL:Xserver.X11-SERVXserver.X11-SERVPHSS37972URL:PHSS34392Xserver.X11-SERVopenssl.OPENSSL-DOCopenssl.OPENSSL-MISopenssl.OPENSSL-PRNGopenssl.OPENSSL-DOCopenssl.OPENSSL-MISopenssl.OPENSSL-INCopenssl.OPENSSL-LIBopenssl.OPENSSL-PVTopenssl.OPENSSL-CONFopenssl.OPENSSL-MANopenssl.OPENSSL-MISopenssl.OPENSSL-SRCopenssl.OPENSSL-MANopenssl.OPENSSL-PRNGopenssl.OPENSSL-CERopenssl.OPENSSL-RUNopenssl.OPENSSL-LIBopenssl.OPENSSL-INCopenssl.OPENSSL-RUNopenssl.OPENSSL-DOCopenssl.OPENSSL-CERopenssl.OPENSSL-PVTopenssl.OPENSSL-PVTopenssl.OPENSSL-CONFopenssl.OPENSSL-LIBopenssl.OPENSSL-SRCopenssl.OPENSSL-RUNopenssl.OPENSSL-CONFopenssl.OPENSSL-MANopenssl.OPENSSL-INCopenssl.OPENSSL-CERopenssl.OPENSSL-SRCopenssl.OPENSSL-PRNGOS-Core.CORE2-KRNProgSupport.C-INCPHKL40197ProgSupport.PAUX-ENG-A-MANJre15.JRE15-PA20WJdk15.JDK15-PA20WJre15.JRE15-PA20-HSJre15.JRE15-COM-DOCJdk15.JDK15-COMJre15.JRE15-PA20Jre60.JRE60-PA20-HSJre60.JRE60-PA20WJdk60.JDK60-D
EMOJre15.JRE15-COMJre15.JRE15-PA20W-HSJre60.JRE60-COMJdk15.JDK15-IPF32Jdk15.JDK15-DEMOJre60.JRE60-COMJdk60.JDK60-IPF32Jre60.JRE60-IPF32Jre15.JRE15-COMJre15.JRE15-IPF32-HSJre60.JRE60-IPF64-HSJdk15.JDK15-DEMOJre70.JRE70-IPF32-HSJdk15.JDK15-IPF64Jre70.JRE70-IPF64Jdk60.JDK60-COMJre60.JRE60-PA20W-HSJre60.JRE60-IPF64Jre15.JRE15-COM-DOCJdk70.JDK70-DEMOJdk60.JDK60-COMJdk60.JDK60-DEMOJre70.JRE70-COMJdk60.JDK60-IPF64Jdk70.JDK70-IPF64Jdk70.JDK70-IPF32Jre60.JRE60-IPF32-HSJre15.JRE15-IPF64-HSJdk60.JDK60-PA20Jre70.JRE70-IPF32Jre70.JRE70-IPF64-HSJre60.JRE60-COM-DOCJre60.JRE60-PA20Jre15.JRE15-IPF32Jdk15.JDK15-PA20Jdk70.JDK70-COMJdk60.JDK60-PA20WJre15.JRE15-IPF64Jdk15.JDK15-COMJdk15.JDK15-PA20WJre15.JRE15-IPF64-HSJre15.JRE15-PA20WJre15.JRE15-COMJre60.JRE60-PA20-HSJre15.JRE15-PA20-HSJdk60.JDK60-PA20WJre15.JRE15-IPF64Jre15.JRE15-PA20W-HSJre15.JRE15-PA20Jre60.JRE60-PA20Jdk60.JDK60-COMJdk15.JDK15-COMJre60.JRE60-PA20WJdk15.JDK15-COMJre70.JRE70-IPF32-HSJdk70.JDK70-IPF32Jre70.JRE70-IPF64-HSJdk15.JDK15-PA20Jre60.JRE60-IPF32-HSJdk60.JDK60-IPF32Jre15.JRE15-COMJdk15.JDK15-DEMOJre60.JRE60-IPF32Jre60.JRE60-PA20W-HSJdk60.JDK60-IPF64Jre15.JRE15-COM-DOCJdk60.JDK60-DEMOJdk60.JDK60-PA20Jre60.JRE60-COMJdk70.JDK70-DEMOJre60.JRE60-COM-DOCJdk15.JDK15-DEMOJre70.JRE70-IPF64Jdk60.JDK60-DEMOJre70.JRE70-COMJdk70.JDK70-IPF64Jre15.JRE15-COM-DOCJre60.JRE60-IPF64Jre60.JRE60-IPF64-HSJre60.JRE60-COMJdk60.JDK60-COMJre70.JRE70-IPF32Jdk70.JDK70-COMJdk15.JDK15-IPF32Jre15.JRE15-IPF32-HSJre15.JRE15-IPF32Jdk15.JDK15-IPF64NFS.NFS-CLIENTNFS.NFS-64SLIBNFS.NFS-64ALIBNFS.NIS2-CORENFS.NFS-KRNNFS.NIS2-SERVERNFS.NFS-SERVERNFS.NFS2-CORENFS.NFS-CORENFS.NIS-CLIENTNFS.NFS2-SERVERNFS.NFS-SHLIBSNFS.NIS2-CLIENTNFS.NFS2-PRGNFS.NFS-PRGNFS.NIS-CORENFS.NFS2-CLIENTNFS.NIS-SERVERNFS.KEY-CORECIFS-Server.CIFS-ADMINCIFS-Server.CIFS-UTILCIFS-Server.CIFS-LIBCIFS-CFSM.CFSM-KRNCIFS-Development.CIFS-PRGCIFS-Development.CIFS-PRGCIFS-Server.CIFS-RUNCIFS-Server.CIFS-LIBCIFS-Server.CIFS-LIBCIFS-Server.CIFS-ADMINCIFS-Development.CIFS-PRGCIFS-Server.CIFS-D
OCCIFS-Development.CIFS-PRGCIFS-Server.CIFS-DOCCIFS-CFSM.CFSM-RUNCIFS-Server.CIFS-DOCCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-DOCCIFS-Server.CIFS-UTILCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-RUNCIFS-Server.CIFS-RUNCIFS-Server.CIFS-RUNCIFS-Server.CIFS-UTILCIFS-Server.CIFS-UTILCIFS-Server.CIFS-LIBhpuxws22APCH32.MOD_JKhpuxws22APACHE.MOD_JKhpuxws22APCH32.PHP2hpuxws22APACHE.APACHEhpuxws22APACHE.MOD_PERLhpuxws22APACHE.PHPhpuxws22APACHE.WEBPROXY2hpuxws22APCH32.APACHE2hpuxws22APCH32.WEBPROXYhpuxws22APCH32.MOD_PERL2hpuxwsAPACHE.WEBPROXYhpuxws22APACHE.WEBPROXYhpuxws22APACHE.MOD_PERL2hpuxws22APACHE.APACHE2hpuxws22APCH32.AUTH_LDAPhpuxws22APCH32.AUTH_LDAPhpuxws22APCH32.MOD_JKhpuxwsAPACHE.MOD_PERLhpuxwsAPACHE.PHPhpuxws22APCH32.WEBPROXYhpuxws22APCH32.MOD_JK2hpuxws22APCH32.MOD_PERLhpuxws22APCH32.PHPhpuxws22APACHE.MOD_PERLhpuxws22APACHE.MOD_PERL2hpuxws22APCH32.AUTH_LDAP2hpuxwsAPACHE.AUTH_LDAPhpuxwsAPACHE.APACHE2hpuxws22APACHE.AUTH_LDAPhpuxws22APACHE.MOD_JK2hpuxws22APCH32.MOD_PERL2hpuxws22APCH32.PHPhpuxws22APCH32.APACHE2hpuxws22APCH32.APACHEhpuxws22APACHE.PHPhpuxws22APACHE.AUTH_LDAP2hpuxwsAPACHE.MOD_PERL2hpuxws22APACHE.MOD_JK2hpuxws22APCH32.WEBPROXY2hpuxws22APCH32.AUTH_LDAP2hpuxws22APCH32.MOD_PERLhpuxwsAPACHE.APACHEhpuxws22APACHE.APACHE2hpuxwsAPACHE.PHP2hpuxws22APACHE.WEBPROXYhpuxws22APCH32.APACHEhpuxws22APACHE.AUTH_LDAPhpuxws22APCH32.PHP2hpuxws22APACHE.WEBPROXY2hpuxws22APACHE.AUTH_LDAP2hpuxws22APCH32.MOD_JK2hpuxws22APCH32.WEBPROXY2hpuxws22APACHE.PHP2hpuxwsAPACHE.MOD_JKhpuxws22APACHE.PHP2hpuxwsAPACHE.MOD_JK2hpuxws22APACHE.APACHEhpuxws22APACHE.MOD_JKhpuxwsAPACHE.AUTH_LDAP2Jdk14.JDK14-PNV2Jpi14.JPI14-PA11Jre14.JRE14-IPF32Jdk14.JDK14-IPF32Jdk14.JDK14-IPF64Jre14.JRE14-PA20-HSJre14.JRE14-COM-DOCJdk14.JDK14-COMJpi14.JPI14-IPF32Jre14.JRE14-COMJre14.JRE14-IPF64Jpi14.JPI14-COM-DOCJre14.JRE14-PA11Jre14.JRE14-PA20Jre14.JRE14-PA20WJre14.JRE14-PA11-HSJre14.JRE14-PA20W-HSJdk14.JDK14-PA20Jdk14.JDK14-PWV2Jre14.JRE14-PNV2Jdk14.JDK14-PA11Jdk14.JDK14-DEMOJre14.JRE14-IPF64-HSJpi14.JPI14-COMJre14.JRE14-IPF32
-HSJre14.JRE14-PWV2Jre14.JRE14-PNV2-HJdk14.JDK14-PA20WJre14.JRE14-PWV2-HJre70.JRE70-IPF64-HSJre70.JRE70-COMJre70.JRE70-IPF32-HSJdk70.JDK70-DEMOJdk70.JDK70-IPF64Jdk70.JDK70-COMJdk70.JDK70-IPF32Jre70.JRE70-IPF64Jre70.JRE70-IPF32openssl.OPENSSL-LIBopenssl.OPENSSL-CONFopenssl.OPENSSL-PRNGopenssl.OPENSSL-PVTopenssl.OPENSSL-DOCopenssl.OPENSSL-PRNGopenssl.OPENSSL-INCopenssl.OPENSSL-CONFopenssl.OPENSSL-PVTopenssl.OPENSSL-PVTopenssl.OPENSSL-MANopenssl.OPENSSL-LIBopenssl.OPENSSL-MISopenssl.OPENSSL-DOCopenssl.OPENSSL-PRNGopenssl.OPENSSL-MANopenssl.OPENSSL-DOCopenssl.OPENSSL-RUNopenssl.OPENSSL-CONFopenssl.OPENSSL-CERopenssl.OPENSSL-CERopenssl.OPENSSL-INCopenssl.OPENSSL-MISopenssl.OPENSSL-MISopenssl.OPENSSL-RUNopenssl.OPENSSL-INCopenssl.OPENSSL-SRCopenssl.OPENSSL-SRCopenssl.OPENSSL-RUNopenssl.OPENSSL-CERopenssl.OPENSSL-LIBopenssl.OPENSSL-MANopenssl.OPENSSL-SRCJre60.JRE60-IPF64-HSJre60.JRE60-PA20-HSJre60.JRE60-PA20Jdk60.JDK60-COMJre60.JRE60-IPF32Jdk60.JDK60-PA20WJdk60.JDK60-IPF64Jre60.JRE60-IPF32Jre60.JRE60-IPF64Jre60.JRE60-COMJre60.JRE60-PA20W-HSJre60.JRE60-COMJre60.JRE60-IPF32-HSJre60.JRE60-IPF64-HSJre60.JRE60-IPF32-HSJre60.JRE60-IPF32Jdk60.JDK60-IPF64Jdk60.JDK60-COMJre60.JRE60-COMJre60.JRE60-IPF64Jre60.JRE60-IPF64Jdk60.JDK60-PA20Jre60.JRE60-PA20WJdk60.JDK60-IPF32Jre60.JRE60-IPF64-HSJre60.JRE60-IPF32-HSJdk60.JDK60-IPF32Jre60.JRE60-COM-DOCJre60.JRE60-PA20Jre60.JRE60-COMJdk60.JDK60-IPF64Jdk60.JDK60-PA20Jre60.JRE60-IPF32Jdk60.JDK60-COMJdk60.JDK60-PA20WJre60.JRE60-IPF32-HSJre60.JRE60-IPF64-HSJre60.JRE60-IPF64-HSJdk60.JDK60-IPF32Jre60.JRE60-IPF32-HSJre60.JRE60-IPF32Jre60.JRE60-IPF32-HSJre60.JRE60-IPF64Jdk60.JDK60-COMJre60.JRE60-IPF64-HSJre60.JRE60-IPF64Jre60.JRE60-COM-DOCJre60.JRE60-COMJre60.JRE60-PA20-HSJre60.JRE60-PA20W-HSJdk60.JDK60-IPF32Jre60.JRE60-IPF64Jre60.JRE60-IPF32Jre60.JRE60-PA20WJre60.JRE60-COMJdk60.JDK60-IPF64openssl.OPENSSL-PRNGopenssl.OPENSSL-CONFopenssl.OPENSSL-SRCopenssl.OPENSSL-PVTopenssl.OPENSSL-RUNopenssl.OPENSSL-RUNopenssl.OPENSSL-DOCopenssl.OPENSSL-MISopenssl.O
PENSSL-DOCopenssl.OPENSSL-CERopenssl.OPENSSL-PVTopenssl.OPENSSL-INCopenssl.OPENSSL-MANopenssl.OPENSSL-RUNopenssl.OPENSSL-MISopenssl.OPENSSL-MISopenssl.OPENSSL-LIBopenssl.OPENSSL-CONFopenssl.OPENSSL-SRCopenssl.OPENSSL-DOCopenssl.OPENSSL-MANopenssl.OPENSSL-SRCopenssl.OPENSSL-CERopenssl.OPENSSL-PVTopenssl.OPENSSL-CONFopenssl.OPENSSL-PRNGopenssl.OPENSSL-LIBopenssl.OPENSSL-MANopenssl.OPENSSL-INCopenssl.OPENSSL-LIBopenssl.OPENSSL-PRNGopenssl.OPENSSL-INCopenssl.OPENSSL-CERJdk60.JDK60-COMJre60.JRE60-IPF32Jre60.JRE60-PA20WJre60.JRE60-IPF64-HSJre60.JRE60-IPF64Jre60.JRE60-IPF32-HSJre60.JRE60-PA20Jre60.JRE60-PA20-HSJdk60.JDK60-PA20Jre60.JRE60-COMJdk60.JDK60-IPF32Jdk60.JDK60-PA20WJre60.JRE60-PA20W-HSJdk60.JDK60-IPF64SW-DIST.SD-CMDSSW-DIST.GZIPSW-DIST.GZIPSW-DIST.SD-AGENTSW-DIST.SD-CMDSSW-DIST.SD-AGENTPHCO35587Perl5-32.PERL-RUNPerl5-64.PERL-RUNJdk15.JDK15-COMJre15.JRE15-IPF64-HSJdk15.JDK15-IPF32Jre15.JRE15-PA20-HSJdk15.JDK15-PA20WJre15.JRE15-COM-DOCJre15.JRE15-IPF32Jdk15.JDK15-IPF64Jre15.JRE15-IPF64Jre15.JRE15-PA20Jre15.JRE15-PA20WJdk15.JDK15-COMJre15.JRE15-COM-DOCJre15.JRE15-IPF32-HSJdk15.JDK15-PA20Jdk15.JDK15-DEMOJdk15.JDK15-DEMOJre15.JRE15-PA20W-HSJre15.JRE15-COMJre15.JRE15-COMhpuxwsAPACHE.MOD_JKhpuxwsAPACHE.MOD_PERLhpuxwsAPACHE.PHP2hpuxwsAPACHE.AUTH_LDAPhpuxwsAPACHE.APACHEhpuxwsAPACHE.APACHE2hpuxwsAPACHE.MOD_JK2hpuxwsAPACHE.AUTH_LDAP2hpuxwsAPACHE.WEBPROXYhpuxwsAPACHE.PHPhpuxwsAPACHE.MOD_PERL2Jre60.JRE60-IPF64-HSJre60.JRE60-IPF32-HSJdk60.JDK60-IPF32Jre60.JRE60-IPF64Jdk60.JDK60-COMJre60.JRE60-IPF32Jdk60.JDK60-PA20WJre60.JRE60-COMJre60.JRE60-COMJre60.JRE60-IPF32-HSJre60.JRE60-IPF64-HSJdk60.JDK60-IPF64Jre60.JRE60-PA20Jre60.JRE60-COM-DOCJre60.JRE60-IPF32Jre60.JRE60-IPF64Jdk60.JDK60-IPF32Jre60.JRE60-IPF32Jdk60.JDK60-IPF64Jre60.JRE60-IPF64Jdk60.JDK60-COMJdk60.JDK60-PA20Jre60.JRE60-PA20WJre60.JRE60-IPF32-HSJre60.JRE60-PA20W-HSJre60.JRE60-PA20-HSJre60.JRE60-IPF64-HSJre60.JRE60-COMJdk70.JDK70-IPF64Jre70.JRE70-IPF64Jre70.JRE70-IPF32-HSJre70.JRE70-IPF32Jdk70.JDK70-IPF32Jdk70.JDK70-DEMOJr
e70.JRE70-IPF64-HSJre70.JRE70-COMJdk70.JDK70-COMJre15.JRE15-COM-DOCJre15.JRE15-COMJre15.JRE15-IPF64-HSJdk15.JDK15-PA20WJdk15.JDK15-COMJdk15.JDK15-PA20Jdk15.JDK15-DEMOJdk15.JDK15-COMJre15.JRE15-IPF32-HSJre15.JRE15-COM-DOCJdk15.JDK15-IPF32Jre15.JRE15-PA20W-HSJre15.JRE15-PA20WJre15.JRE15-PA20Jdk15.JDK15-DEMOJdk15.JDK15-IPF64Jre15.JRE15-PA20-HSJre15.JRE15-IPF32Jre15.JRE15-IPF64Jre15.JRE15-COMhpuxws22APCH32.PHP2hpuxws22APCH32.MOD_PERLhpuxws22APCH32.MOD_PERL2hpuxws22APCH32.APACHE2hpuxws22TOMCAT.TOMCAThpuxws22APCH32.AUTH_LDAP2hpuxws22APCH32.MOD_JKhpuxws22APCH32.AUTH_LDAPhpuxws22APCH32.WEBPROXYhpuxws22APCH32.MOD_JK2hpuxws22APCH32.PHPhpuxws22TOMCAT.TOMCAThpuxws22APCH32.WEBPROXY2hpuxws22APCH32.APACHEhpuxws22TOMCAT.TOMCATPHNE_34544WUFTP-26.INETSVCS-FTPPHNE_33395PHCO34545OS-Core.ARRAY-MGMTOS-Core.ADMN-ENG-A-MANPHCO_23263InternetSrvcs.INETSVCS2-RUNPHNE_29462PHNE_33159PHCO32280OS-Core.CORE-SHLIBSPHCO29249PHCO30402SysMgmtServer.MX-PORTALSysMgmtServer.MX-PORTALPHCO_29249InternetSrvcs.INET-ENG-A-MANPHNE_33792InternetSrvcs.INETSVCS2-RUNOS-Core.UX-COREPHCO33989PHCO33967Networking.NET2-KRNSecure_Shell.SECURE_SHELLHP_Webproxy.HPWEB-PX-COREPHSS_34163hpuxws22APCH32.WEBPROXYhpuxws22APCH32.MOD_JKhpuxws22APACHE.MOD_PERLhpuxws22APCH32.WEBPROXY2hpuxws22APCH32.PHP2hpuxws22APCH32.MOD_PERLhpuxws22APACHE.AUTH_LDAP2hpuxws22APCH32.MOD_JK2hpuxws22APACHE.AUTH_LDAPhpuxws22APACHE.APACHE2hpuxws22APACHE.MOD_PERL2hpuxws22APCH32.APACHEhpuxws22APCH32.AUTH_LDAPhpuxws22APACHE.WEBPROXYhpuxws22APCH32.MOD_PERL2hpuxws22APACHE.APACHEhpuxws22APACHE.MOD_JK2hpuxws22APCH32.AUTH_LDAP2hpuxws22APCH32.PHPhpuxws22APACHE.PHPhpuxws22APCH32.APACHE2hpuxws22APACHE.WEBPROXY2hpuxws22APACHE.MOD_JKhpuxws22APACHE.PHP2VRTSobc33.VRTSOBC33PHCO42173VRTSob.VEAS-FILESETPHCO42175PHCO42316PHCO42317PHCO42177PHCO42178PHCO42180PHCO42179PHCO42176PHCO42182PHCO42181hpuxwsAPACHE.AUTH_LDAPhpuxwsAPACHE.MOD_JKhpuxws22APCH32.MOD_JKhpuxws22APCH32.MOD_PERLhpuxws22APCH32.APACHEhpuxwsAPACHE.AUTH_LDAP2hpuxws22APACHE.AUTH_LDAP2hpuxws22APACHE.MOD_PERL2hpuxws2
2APACHE.APACHEhpuxwsAPACHE.MOD_JK2hpuxws22APACHE.PHP2hpuxwsAPACHE.APACHE2hpuxwsAPACHE.PHPhpuxws22APCH32.MOD_JK2hpuxwsAPACHE.APACHEhpuxws22APCH32.PHPhpuxws22APACHE.APACHE2hpuxwsAPACHE.MOD_PERL2hpuxws22APACHE.MOD_JK2hpuxws22APCH32.WEBPROXY2hpuxws22APCH32.WEBPROXYhpuxws22APCH32.APACHE2hpuxws22APCH32.AUTH_LDAP2hpuxws22APCH32.MOD_PERL2hpuxws22APCH32.AUTH_LDAPhpuxws22APCH32.PHP2hpuxws22APACHE.MOD_PERLhpuxws22APACHE.MOD_JKhpuxwsAPACHE.WEBPROXYhpuxwsAPACHE.PHP2hpuxws22APACHE.AUTH_LDAPhpuxwsAPACHE.MOD_PERLhpuxws22APACHE.PHPPHSS_34102CIFS-Server.CIFS-RUNCIFS-Server.CIFS-UTILCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-LIBPHCO_30402SRP.SRP-KERNELPHNE_23950EMS-MIBMonitor.MIBMON-RUNEMS-Core.EMS-WRAPPER-COMEMS-MIBMon.MIBMON-RUN-COMEMS-Core.EMS-COREEMS-Config.EMS-GUIEMS-Config.EMS-GUI-COMEMS-MIBMon.MIBMON-RUNEMS-Core.EMS-MXEMS-Core.EMS-CORE-COMEMS-Core.EMS-WRAPPERPHNE42727InternetSrvcs.INETSVCS-RUNBINDv920.INETSVCS-BINDInternetSrvcs.INETSVCS-INETDInternetSrvcs.INETSVCS2-RUNNameService.BIND-AUXBindUpgrade.BIND2-UPGRADEBindUpgrade.BIND-UPGRADENameService.BIND-RUNOS-Core.CORE-ENG-A-MANOS-Core.UX-COREPHCO_33989Jre60.JRE60-PA20Jre60.JRE60-IPF32-HSJre15.JRE15-IPF32Jdk60.JDK60-COMJdk60.JDK60-IPF64Jre60.JRE60-PA20W-HSJre60.JRE60-COMJre60.JRE60-IPF32Jre15.JRE15-PA20Jdk60.JDK60-PA20Jdk15.JDK15-PA20Jre15.JRE15-COMJre60.JRE60-PA20WJre15.JRE15-IPF64-HSJdk15.JDK15-IPF32Jre15.JRE15-PA20WJre60.JRE60-PA20-HSJre15.JRE15-IPF64Jre15.JRE15-PA20W-HSJre60.JRE60-IPF64Jre60.JRE60-IPF64-HSJdk60.JDK60-PA20WJdk15.JDK15-PA20WJre15.JRE15-IPF32-HSJdk15.JDK15-COMJdk15.JDK15-IPF64Jdk60.JDK60-IPF32Jre15.JRE15-PA20-HSOS-Core.UX-COREPHCO33219PHCO34929PHCO33214PHCO33215OS-Core.UX2-COREPHCO32149PHCO32926IPSec.IPSEC2-KRNIPSec.IPSEC2-KRNTOUR_PRODUCT.T-NET2-KRNPHNE_32606BindUpgrade.BIND-UPGRADEBindUpgrade.BIND2-UPGRADENameService.BIND-AUXInternetSrvcs.INETSVCS2-RUNInternetSrvcs.INETSVCS-RUNPHNE42727InternetSrvcs.INETSVCS-INETDBINDv920.INETSVCS-BINDNameService.BIND-RUNhpuxws22TOMCAT.TOMCAThpuxwsAPACHEhpuxwsAPACHEInternetSrvcs.I
NETSVCS-RUNPHNE_34543WUFTP-26.INETSVCS-FTPMozilla.MOZ-COMMozilla.MOZ-COMCDE.CDE-RUNPHSS41174PHSS41788PHNE23949InternetSrvcs.INETSVCS-RUNPHNE24395PHNE_34306Secure_Shell.SECURE_SHELLSecure_Shell.SECURE_SHELLOS-Core.CORE-64SLIBOS-Core.CMDS2-AUXProgSupport.C2-INCProgSupport.LANG-MINOS-Core.CORE2-64SLIBOS-Core.CORE-SHLIBSOS-Core.CMDS-AUXOS-Core.LINKER-HELPOS-Core.C-KRNOS-Core.C-MINProgSupport.PROG-AUXPHSS42043PHSS42040PHSS42253OS-Core.LINKER-PAOBJProgSupport.PROG2-AUXProgSupport.LANG-64ALIBProgSupport.C-INCOS-Core.C-MIN-64ALIBProgSupport.PROG-AX-64ALIBOS-Core.CORE2-SHLIBSBindUpgrade.BIND2-UPGRADENameService.BIND-RUNBindUpgrade.BIND-UPGRADENameService.BIND-AUXBindUpgrade.BIND-UPGRADEkhpuxwsAPCH32.AUTH_LDAP2hpuxws22TOMCAT.TOMCAThpuxwsAPCH32.APACHEhpuxwsAPCH32.MOD_JKhpuxwsAPCH32.MOD_PERLhpuxwsAPCH32.PHPhpuxwsAPCH32.APACHE2hpuxwsAPCH32.MOD_PERL2hpuxwsAPACHE.APACHEhpuxwsAPCH32.AUTH_LDAPhpuxwsAPCH32.MOD_JK2hpuxwsAPACHE.MOD_JK2hpuxwsAPACHE.PHP2hpuxwsAPACHE.WEBPROXYhpuxwsAPCH32.PHP2hpuxwsAPACHE.APACHE2hpuxwsAPACHE.PHPhpuxwsAPACHE.MOD_JKhpuxwsAPACHE.AUTH_LDAPhpuxwsAPACHE.AUTH_LDAP2hpuxwsAPACHE.MOD_PERL2hpuxwsAPACHE.MOD_PERLhpuxwsAPCH32.WEBPROXYVaultWS.WS-COREPHSS_34123CIFS-Development.CIFS-PRGCIFS-Server.CIFS-RUNCIFS-Server.CIFS-LIBCIFS-CFSM.CFSM-RUNCIFS-Server.CIFS-DOCCIFS-CFSM.CFSM-MANCIFS-Server.CIFS-MANCIFS-CFSM.CFSM-KRNCIFS-Server.CIFS-UTILCIFS-Server.CIFS-ADMINopenssl.OPENSSL-SRCopenssl.OPENSSL-PRNGopenssl.OPENSSL-MISopenssl.OPENSSL-MANopenssl.OPENSSL-PVTopenssl.OPENSSL-CONFopenssl.OPENSSL-CERopenssl.OPENSSL-RUNopenssl.OPENSSL-LIBopenssl.OPENSSL-INCopenssl.OPENSSL-DOCPHSS_34169VaultTS.VV-IWSVaultWS.WS-COREPHSS_34121VaultTS.VV-IWSPHSS_34170VaultWS.WS-COREPHSS_34120VaultTS.VV-IWSPHSS_34171VaultWS.WS-COREPHSS_34119HP_Webproxy.HPWEB-PX-COREPHSS_34203HP_Webproxy.HPWEB-PX-COREPHSS_34204NameService.BIND-AUXBindUpgrade.BIND-UPGRADEBINDv920.INETSVCS-BINDInternetSrvcs.INETSVCS-INETDPHNE40339InternetSrvcs.INETSVCS-RUNNameService.BIND-RUNBindUpgrade.BIND2-UPGRADEInternetSrvcs.INETSVCS2
-RUNBindUpgrade.BIND2-UPGRADENameService.BIND-AUXNameService.BIND-RUNBindUpgrade.BIND-UPGRADEPHSS40229SG-Sybase-Tool.CM-SYBASEPHSS40230SG-Oracle-Tool.CM-ORACLEhpuxwsAPCH32.APACHE2hpuxwsAPACHE.PHPhpuxwsAPACHE.MOD_JKhpuxwsAPACHE.MOD_JK2hpuxwsAPACHE.AUTH_LDAPhpuxwsAPACHE.APACHE2hpuxwsAPACHE.WEBPROXYhpuxwsAPACHE.MOD_PERLhpuxwsAPCH32.AUTH_LDAPhpuxwsAPCH32.WEBPROXYhpuxwsAPACHE.AUTH_LDAP2hpuxwsAPCH32.PHP2hpuxwsAPACHE.APACHEhpuxwsAPACHE.PHP2hpuxwsAPCH32.MOD_PERL2hpuxwsAPCH32.PHPhpuxwsAPCH32.APACHEhpuxwsAPCH32.MOD_JKhpuxwsAPACHE.MOD_PERL2hpuxwsAPCH32.AUTH_LDAP2hpuxwsAPCH32.MOD_JK2hpuxwsAPCH32.MOD_PERLOS-Core.KERN2-RUNPHKL40888OS-Core.CORE2-KRNPHNE_24395NameService.BIND-AUXBINDv920.INETSVCS-BINDNameService.BIND-RUNPHNE37865InternetSrvcs.INETSVCS-INETDBindUpgrade.BIND-UPGRADEInternetSrvcs.INETSVCS2-RUNBindUpgrade.BIND2-UPGRADEInternetSrvcs.INETSVCS-RUNJre15.JRE15-PA20WJre15.JRE15-PA20Jre60.JRE60-IPF32-HSJdk60.JDK60-IPF32Jdk60.JDK60-PA20Jre60.JRE60-IPF32Jdk15.JDK15-PA20Jdk15.JDK15-IPF64Jre60.JRE60-COMJre15.JRE15-IPF64Jdk15.JDK15-IPF32Jre15.JRE15-PA20-HSJdk60.JDK60-COMJre15.JRE15-IPF32Jre60.JRE60-IPF64Jre15.JRE15-IPF64-HSJre60.JRE60-PA20-HSJre15.JRE15-PA20W-HSJdk60.JDK60-PA20WJre60.JRE60-IPF64-HSJre15.JRE15-COMJdk15.JDK15-PA20WJre15.JRE15-IPF32-HSJre60.JRE60-PA20Jdk15.JDK15-COMJdk60.JDK60-IPF64Jre60.JRE60-PA20W-HSNFS.NIS2-SERVERNFS.NFS-CORENFS.NFS-KRNNFS.NIS2-CORENFS.NIS-CORENFS.NIS-SERVERNFS.NFS-PRGNFS.NFS-64SLIBNFS.KEY-CORENFS.NIS2-CLIENTNFS.NFS2-CORENFS.NIS-CLIENTNFS.NFS2-PRGNFS.NFS2-CLIENTNFS.NFS-CLIENTNFS.NFS-SERVERNFS.NFS2-SERVERNFS.NFS-SHLIBSNFS.NFS-64ALIBNFS.NFS-CORENFS.NIS-CORENFS.NIS-CLIENTNFS.NFS-64ALIBNFS.NFS-PRGNFS.NFS-SERVERPHNE41021NFS.NIS-SERVERNFS.NFS-64SLIBNFS.NFS-KRNNFS.NFS-SHLIBSNFS.NFS2-CLIENTNFS.NFS2-SERVERNFS.KEY-COREPHNE41023NFS.NFS-CLIENTNFS.NFS2-CORENFS.NIS2-CLIENTNFS.NFS2-PRGNFS.NISPLUS-COREPHKL39133PHKL40944OS-Core.CORE2-KRNPHKL39899KRB5-Client.KRB5-SHLIBPHSS41775krb5client.KRB5IA64SLIB-AKRB5-Client.KRB5-64SLIBKRB5-Client.KRB5-RUNkrb5client.KRB5-PRG-A
KRB5-Client.KRB5-PRGKRB5-Client.KRB5-IA32SLIBkrb5client.KRB5-SHLIB-Akrb5client.KRB5-64SLIB-Akrb5client.KRB5-RUN-Akrb5client.KRB5IA32SLIB-AKRB5-Client.KRB5-IA64SLIBSendmail.SENDMAIL-AUXSMAIL-UPGRADE.INET2-SMAILSMAIL-UPGRADE.INET-SMAILSMAIL-UPGRADE.INETSVCS-SMAILSendmail.SENDMAIL-RUNOS-Core.CORE2-KRNProgSupport.C-INCPHKL40845PHNE_33159openssl.OPENSSL-MANopenssl.OPENSSL-DOCopenssl.OPENSSL-PVTopenssl.OPENSSL-PRNGopenssl.OPENSSL-MISopenssl.OPENSSL-SRCopenssl.OPENSSL-LIBopenssl.OPENSSL-INCopenssl.OPENSSL-CONFopenssl.OPENSSL-RUNopenssl.OPENSSL-CERJdk15.JDK15-COMJre60.JRE60-PA20-HSJdk14.JDK14-PA20WJre60.JRE60-IPF64-HSJre15.JRE15-IPF32Jdk15.JDK15-IPF64Jre15.JRE15-IPF64-HSJre14.JRE14-IPF32-HSJdk15.JDK15-PA20Jre15.JRE15-PA20W-HSJre60.JRE60-IPF32-HSJre14.JRE14-PA11-HSJre60.JRE60-COMJre14.JRE14-PA20W-HSJre60.JRE60-PA20W-HSJre14.JRE14-IPF32Jre15.JRE15-COMJdk15.JDK15-IPF32Jdk60.JDK60-PA20Jre15.JRE15-PA20WJdk60.JDK60-IPF64Jre14.JRE14-PA20Jre14.JRE14-PA20-HSJdk60.JDK60-COMJre60.JRE60-IPF64Jdk14.JDK14-IPF32Jre15.JRE15-IPF64Jre60.JRE60-PA20WJre14.JRE14-PA20WJdk14.JDK14-IPF64Jre15.JRE15-PA20Jre14.JRE14-IPF64-HSJdk60.JDK60-IPF32Jre14.JRE14-PA11Jre15.JRE15-IPF32-HSJre14.JRE14-IPF64Jdk14.JDK14-PA11Jre60.JRE60-IPF32Jre14.JRE14-COMJre60.JRE60-PA20Jdk60.JDK60-PA20WJdk15.JDK15-PA20WJdk14.JDK14-PA20Jre15.JRE15-PA20-HSJdk14.JDK14-COMInternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANPHNE_33791WUFTP-26.INETSVCS-FTPJre60.JRE60-PA20-HSJre14.JRE14-PA20W-HSJre14.JRE14-IPF64-HSJre60.JRE60-COMJre15.JRE15-PA20-HSJre14.JRE14-PA20-HSJre14.JRE14-IPF32Jre60.JRE60-PA20Jre15.JRE15-IPF32-HSJre60.JRE60-PA20WJdk14.JDK14-PA11Jdk15.JDK15-COMJdk14.JDK14-COMJre15.JRE15-IPF32Jre14.JRE14-COMJre15.JRE15-PA20W-HSJdk60.JDK60-COMJre15.JRE15-COMJre60.JRE60-IPF32-HSJre14.JRE14-PA11Jre60.JRE60-PA20W-HSJdk14.JDK14-PA20WJdk60.JDK60-PA20WJre14.JRE14-PA11-HSJre14.JRE14-PA20WJre15.JRE15-PA20Jre15.JRE15-PA20WJre14.JRE14-IPF32-HSJdk15.JDK15-IPF64Jre60.JRE60-IPF32Jre60.JRE60-IPF64Jdk15.JDK15-IPF32Jre14.JRE14-PA20Jdk14.JDK14-IPF3
2Jdk60.JDK60-IPF64Jdk60.JDK60-PA20Jdk15.JDK15-PA20Jdk14.JDK14-IPF64Jre15.JRE15-IPF64Jdk60.JDK60-IPF32Jre15.JRE15-IPF64-HSJre14.JRE14-IPF64Jdk15.JDK15-PA20WJdk14.JDK14-PA20Jre60.JRE60-IPF64-HSPHNE_33427PHCO28847PHSS29964DCE-Core.DCE-CORE-SHLIBSW-DIST.SD-AGENTPHCO28848PHSS29963PHSS30302PHCO30006InternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANVirtualVaultOS.VVOS-AUX-IAPHNE_24395A.00.09.08l.003A.00.09.08l.001A.00.09.08l.002B.2.0.59.13A.02.04A.02.04aA.02.03.051.6.0.06.001.5.0.19.001.4.2.24.001.5.0.17.001.6.0.05.001.4.2.23.00D\.5\.8\.0\.[ABCDEF]D.5.8.3.AD\.5\.8\.2\.[ABCDE]D\.5\.6\..*D\.5\.8\.2\.[ABC]A.02.03.05A.02.04.01C.1.3.5.10E.1.6.2.08D.1.6.2.08B.5.5.29.01B.08.10.03B.08.00.02SMAIL-813C.9.3.2.7.0B.11.11.01.015B.2.2.8.10B.2.0.59.16A.02.01A.02.01A.02.01A.02.01B.11.23.06D.1.6.2.01C.1.3.5.09E.1.6.2.03B\.11\.11\.(00.*|01\.00[0-5])0.10.39.2.11.2.10.2.1B.04.17B.11.231.4.2.17.001.5.0.112.0.0.11A.00.09.07l.007A.00.09.07l.006A.00.09.08d.003B.07.10.50B.06.21.70C.6.2.241A.2.2.6.2B.2.0.59.00.2A.2.0.59.00.2B.11.11.01.011C.9.3.2.3.0B.5.5.27.03B.11.11.01.006B.11.00.01.005B.11.00.01.003B.11.11.01.003B.11.00.01.004B.11.11.01.0061.5.0.01.00A.02.03C.6.9.150A.02.03B.11.23.07.04B.11.11.17.02A.02.01A.01.05.01A.01.07.02A.02.03.04A.04.70.003A.04.70.004A.04.70.005B.03.01B.11.23.0606.045B.11.20C.01.25D.01.25B.11.11.16C.7.3.148A.3.0.0B.2.0.59.04.2B.11.00.01.004B.11.11.01.004B.11.20B.2.0.59.00A.2.0.59.00B.11.11.01.011C.2.6.1.3.0B.11.23.02.00B.2.0.59.07.01A\.0[12]\..*B.11.23.0606.045B\.11\.00\.(00.*|01\.00[0-4])B.11.11B.11.04B.11.00B.11.00B.11.10B.11.10B.11.10C.9.7.3.0.0C.9.7.3.7.0C.9.9.4.0.0C.9.9.4.3.0A.01.00.01pD.7.0.59.01A.03.02.05A.03.02.04C.4.2.6.6.0C.4.2.6.5.0A.00.09.08ze.002A.00.09.08ze.001A.00.09.08ze.003C.9.7.3.6.0A.00.09.08zf.001A.00.09.08zf.002A.00.09.08zf.0031.7.0.12.00C.6.0.43.01B.2.2.29.011.6.0.25.00A.06.20.010A.06.20.012A.06.20.0111.7.0.11.001.8.0.01.00orA.02.04.07A.00.09.08zb.003A.00.09.08zb.002A.00.09.08zb.001B.2.2.15.21A.00.09.08zc.001A.00.09.08zc.003A.00.09.08zc.002A.02.04.
06A.03.01.06A.03.01.05A.03.02.02A.03.02.00A.03.01.07A.02.03.06A.03.02.011.6.0.23.001.7.0.10.00A.00.09.08za.002A.00.09.08za.003A.00.09.08za.0011.7.0.09.001.6.0.22.00A.01.02.02FIPS-OPENSSL-1.2.001FIPS-OPENSSL-1.1.2.049FIPS-OPENSSL-1.1.2.051FIPS-OPENSSL-1.2.002A.00.09.08k.003A.00.09.07m.050FIPS-OPENSSL-1.1.2.050FIPS-OPENSSL-1.2.003A.00.09.07m.049C.9.7.3.4.0FIPS-OPENSSL-1.2.001FIPS-OPENSSL-1.1.2.046FIPS-OPENSSL-1.1.2.048A.00.09.07m.047FIPS-OPENSSL-1.2.002A.00.09.07m.046A.00.09.08j.003FIPS-OPENSSL-1.1.2.047FIPS-OPENSSL-1.2.0031.7.0.08.00B.11.00.01.004C.9.3.2.15.0C.9.7.3.1.0C.9.3.2.13.0A.00.09.08r.003A.00.09.08r.001A.00.09.08r.002A.00.09.08t.002A.00.09.08t.003A.00.09.08t.001A.03.01.04A.02.04.05A.00.09.08x.001A.00.09.08x.003A.00.09.08x.002B.11.31.1203.05.02A.04.04.03.02B.11.31.1203.06.02B.11.31.1203.07.02B.07.06.01.02C.07.06.031.7.0.03.00A.06.20.001A.06.20.002A.06.20.003C.9.7.3.2.0C.9.7.3.3.0B.2.2.15.16B.5.5.35.01B.2.2.15.111.5.0.25.00C.9.3.2.12.0C.9.7.3.0.0C.9.3.2.14.01.7.0.01.00C.4.2.6.0.0D.7.0.35.01A.00.09.08s.002A.00.09.08s.003A.00.09.08s.001B.08.10.05B.2.2.15.12B.2.0.64.03B.11.31.11A.03.01.05A.02.03.06A.02.04.06A.00.09.08q.002A.00.09.08q.003A.00.09.08q.0011.7.0.04.001.6.0.17.001.5.0.27.001.6.0.15.001.7.0.02.001.5.0.26.00B.11.31.05A.03.01.01A.02.04.04A.02.03.06B.2.2.15.13B.2.0.64.041.4.2.28.001.7.0.05.00A.00.09.08w.001A.00.09.08w.002A.00.09.08w.0031.6.0.19.001.6.0.18.00A.00.09.08y.003A.00.09.08y.001A.00.09.08y.0021.6.0.13.00B.11.23.0612E.5.8.8.M1.5.0.29.00B.2.0.64.051.6.0.20.001.7.0.07.001.5.0.28.00D.7.0.35.01C.6.0.36.01B.2.2.15.15B.5.5.36.01B\.11\.11\.(00.*|01\.00[0-7])B.11.11B.11.11B.11.22C.04.00.00.00C.04.01.00.00B.11.23B.11.23A(\.0[0-3]\..*|\.04\.[0-1].*|\.04\.20\.00[0-3])B.2.2.15.09B.2.0.64.02B.2.2.15.09A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])A.03.01.001A.04.20.11.05.01A.04.20.31.07.01A.04.20.23.06.01B.11.11.01.017C.9.3.2.9.1C.9.3.2.10.1B.11.00B.11.001.6.0.12.00
1.5.0.24.00A\.([01].*|2\.00\.00)A\.0[12]\..*C.9.3.2.9.0B.11.11.01.017C.9.3.2.10.0B.5.5.34.01(((A|B)\.2\.0\.55\.\d+)|((A|B)\.[3-9]\..*)|((A|B)\.[1-9]\d+\..*)|((A|B)\.2\.[1-9]\d*\..*)|((A|B)\.2\.\d+\.[6-9]\d+\..*)|((A|B)\.2\.\d+\.5[6-9]\d*\..*)|((A|B)\.2\.\d+\.\d{3,}\..*))B\.11\.11\.(00.*|01\.00[0-5])B.11.00B.11.22((1\.7\.12\..*)|(1\.(([8-9])|(\d{2,}))\..*)|(1\.7\.((1[3-9])|([2-9]\d+))\..*))A(\.0[0-3]\..*|\.04\.[0-1].*|\.04\.20\.00[0-4])C.9.3.2.9.0C.9.3.2.8.0B.5.5.30.04B.2.2.15.05B.2.0.64.01A.02.04.02A.02.03.06A.00.09.08o.003A.00.09.08o.002A.04.70A.04.70A.04.60A.04.60A.04.50A.04.50A.02.10A.02.00B.11.11.01.014C.9.3.2.8.0C.9.3.2.7.0C.9.3.2.8.0C.9.3.2.7.0B.2.0.63.01B.10.24B.11.11.01.015C.9.3.2.7.01.5.0.22.001.6.0.10.00B.11.31.09B.11.31.09.01C.1.3.5.11E.1.6.2.09D.1.6.2.09B.11.23.1.007B.11.11.02.008C.8.13.3.5A.00.09.08n.002A.00.09.08n.003A.00.09.08n.0011.6.0.09.001.5.0.21.001.4.2.26.00B.11.11B.11.11B.11.11B\.11\.00\.(00.*|01\.00[0-3])B.11.311.5.0.19.001.4.2.24.001.6.0.06.00B.11.23\d+/8\d+\d+/7\d+B.11.23B.11.11B.11.00B.11.04\d+/7\d+\d+/8\d+B.11.04B.11.04B.11.04B.11.04