Openvms
Sign in to watchby HP
CVEs (21)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-5120 | 0.05 | — | 0.26 | Nov 18, 2008 | Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. | ||
| CVE-2012-3277 | 0.00 | — | 0.01 | Dec 13, 2012 | HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors. | ||
| CVE-2012-3276 | 0.00 | — | 0.00 | Dec 13, 2012 | HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors. | ||
| CVE-2012-2010 | 0.00 | — | 0.00 | May 18, 2012 | The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. | ||
| CVE-2012-0134 | 0.00 | — | 0.00 | Apr 19, 2012 | Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors. | ||
| CVE-2010-4110 | 0.00 | — | 0.00 | Dec 22, 2010 | Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors. | ||
| CVE-2010-1973 | 0.00 | — | 0.00 | Jul 22, 2010 | Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors. | ||
| CVE-2010-2612 | 0.00 | — | 0.00 | Jul 2, 2010 | Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors. | ||
| CVE-2008-4052 | 0.00 | — | 0.00 | Sep 11, 2008 | Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors. | ||
| CVE-2008-3946 | 0.00 | — | 0.00 | Sep 5, 2008 | The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. | ||
| CVE-2008-3947 | 0.00 | — | 0.00 | Sep 5, 2008 | DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. | ||
| CVE-2008-3940 | 0.00 | — | 0.00 | Sep 5, 2008 | Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | ||
| CVE-2007-5242 | 0.00 | — | 0.01 | Oct 6, 2007 | Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." | ||
| CVE-2007-5241 | 0.00 | — | 0.01 | Oct 6, 2007 | Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. | ||
| CVE-2007-3729 | 0.00 | — | 0.01 | Jul 12, 2007 | The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | ||
| CVE-2007-3730 | 0.00 | — | 0.01 | Jul 12, 2007 | The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | ||
| CVE-2007-2998 | 0.00 | — | 0.00 | Jun 4, 2007 | The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | ||
| CVE-2007-2468 | 0.00 | — | 0.00 | May 2, 2007 | Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." | ||
| CVE-2007-0139 | 0.00 | — | 0.01 | Jan 9, 2007 | Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. | ||
| CVE-2006-3686 | 0.00 | — | 0.01 | Jul 21, 2006 | Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash). |