VYPR

Openvms

by Microfocus

CVEs (26)

  • CVE-1999-1324CriDec 31, 1999
    risk 0.64cvss 9.8epss 0.03

    VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

  • CVE-2008-5120Nov 18, 2008
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.

  • CVE-2012-3277Dec 13, 2012
    risk 0.00cvss epss 0.02

    HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2012-3276Dec 13, 2012
    risk 0.00cvss epss 0.00

    HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.

  • CVE-2012-2010May 18, 2012
    risk 0.00cvss epss 0.00

    The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.

  • CVE-2012-0134Apr 19, 2012
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors.

  • CVE-2010-4110Dec 22, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.

  • CVE-2010-1973Jul 22, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.

  • CVE-2010-2612Jul 2, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.

  • CVE-2010-0443Feb 4, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.

  • CVE-2008-4052Sep 11, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.

  • CVE-2008-3946Sep 5, 2008
    risk 0.00cvss epss 0.01

    The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.

  • CVE-2008-3947Sep 5, 2008
    risk 0.00cvss epss 0.00

    DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.

  • CVE-2008-3940Sep 5, 2008
    risk 0.00cvss epss 0.00

    Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.

  • CVE-2008-0704Mar 28, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown…

  • CVE-2007-5242Oct 6, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after…

  • CVE-2007-5241Oct 6, 2007
    risk 0.00cvss epss 0.02

    Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet.

  • CVE-2007-3730Jul 12, 2007
    risk 0.00cvss epss 0.02

    The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.

  • CVE-2007-3729Jul 12, 2007
    risk 0.00cvss epss 0.02

    The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.

  • CVE-2007-2998Jun 4, 2007
    risk 0.00cvss epss 0.00

    The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain…

Page 1 of 2