Vendor CVEs
SCO Group
All CVEs
135 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0791 | Cri | 0.64 | 9.8 | 0.02 | Oct 7, 2003 | The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | ||
| CVE-2026-34334 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2004-0079 | Hig | 0.50 | 7.5 | 0.10 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||
| CVE-2005-0109 | Med | 0.36 | 5.6 | 0.01 | Mar 5, 2005 | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as… | ||
| CVE-1999-0011 | Med | 0.36 | 5.4 | 0.05 | Apr 8, 1998 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | ||
| CVE-1999-0524 | Med | 0.29 | 4.0 | 0.32 | Aug 1, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||
| CVE-2001-0797 | 0.10 | — | 0.89 | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. | |||
| CVE-1999-0128 | 0.09 | — | 0.74 | Dec 18, 1996 | Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | |||
| CVE-1999-0368 | 0.06 | — | 0.39 | Feb 9, 1999 | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | |||
| CVE-2003-0282 | 0.05 | — | 0.23 | Jun 16, 2003 | Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. | |||
| CVE-1999-0153 | 0.05 | — | 0.23 | Jul 1, 1997 | Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. | |||
| CVE-2000-1014 | 0.04 | — | 0.12 | Dec 11, 2000 | Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. | |||
| CVE-1999-0009 | 0.04 | — | 0.29 | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | |||
| CVE-2008-6559 | 0.03 | — | 0.01 | Mar 30, 2009 | Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters. | |||
| CVE-2008-6558 | 0.03 | — | 0.01 | Mar 30, 2009 | Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program. | |||
| CVE-2008-0310 | 0.03 | — | 0.01 | Apr 7, 2008 | Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST. | |||
| CVE-2008-1343 | 0.03 | — | 0.01 | Mar 17, 2008 | Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors. | |||
| CVE-2006-4655 | 0.03 | — | 0.01 | Sep 9, 2006 | Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. | |||
| CVE-2006-0072 | 0.03 | — | 0.05 | Jan 4, 2006 | Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. | |||
| CVE-2005-2934 | 0.03 | — | 0.01 | Dec 31, 2005 | Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2005-0993 | 0.03 | — | 0.01 | May 2, 2005 | Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. | |||
| CVE-2004-0996 | 0.03 | — | 0.01 | Jan 10, 2005 | main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2004-0390 | 0.03 | — | 0.03 | Dec 31, 2004 | SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods. | |||
| CVE-2004-0511 | 0.03 | — | 0.01 | Dec 23, 2004 | Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference. | |||
| CVE-2004-0510 | 0.03 | — | 0.01 | Dec 23, 2004 | Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program. | |||
| CVE-2003-0834 | 0.03 | — | 0.01 | Dec 1, 2003 | Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME. | |||
| CVE-2001-0575 | 0.03 | — | 0.01 | Aug 22, 2001 | Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. | |||
| CVE-2001-0577 | 0.03 | — | 0.01 | Aug 22, 2001 | recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument. | |||
| CVE-2001-0578 | 0.03 | — | 0.01 | Aug 22, 2001 | Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command. | |||
| CVE-2001-0576 | 0.03 | — | 0.01 | Aug 22, 2001 | lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter. | |||
| CVE-2001-0579 | 0.03 | — | 0.02 | Aug 22, 2001 | lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command. | |||
| CVE-2000-0306 | 0.03 | — | 0.04 | Mar 12, 2001 | Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. | |||
| CVE-1999-0979 | 0.03 | — | 0.01 | Apr 11, 2000 | The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed. | |||
| CVE-1999-0693 | 0.03 | — | 0.01 | Mar 2, 2000 | Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. | |||
| CVE-2000-0154 | 0.03 | — | 0.01 | Feb 16, 2000 | The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. | |||
| CVE-2000-0224 | 0.03 | — | 0.01 | Feb 15, 2000 | ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. | |||
| CVE-2000-0026 | 0.03 | — | 0.05 | Dec 21, 1999 | Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. | |||
| CVE-1999-0988 | 0.03 | — | 0.01 | Dec 4, 1999 | UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. | |||
| CVE-1999-0866 | 0.03 | — | 0.01 | Dec 3, 1999 | Buffer overflow in UnixWare xauto program allows local users to gain root privilege. | |||
| CVE-1999-0825 | 0.03 | — | 0.01 | Dec 3, 1999 | The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail. | |||
| CVE-1999-0864 | 0.03 | — | 0.01 | Dec 3, 1999 | UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. | |||
| CVE-1999-0828 | 0.03 | — | 0.01 | Dec 2, 1999 | UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission. | |||
| CVE-1999-0845 | 0.03 | — | 0.01 | Nov 25, 1999 | Buffer overflow in SCO su program allows local users to gain root access via a long username. | |||
| CVE-1999-0830 | 0.03 | — | 0.01 | Nov 1, 1999 | Buffer overflow in SCO UnixWare Xsco command via a long argument. | |||
| CVE-1999-0893 | 0.03 | — | 0.01 | Oct 11, 1999 | userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. | |||
| CVE-1999-0836 | 0.03 | — | 0.03 | Dec 2, 1998 | UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack. | |||
| CVE-1999-1185 | 0.03 | — | 0.01 | Oct 6, 1998 | Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file. | |||
| CVE-1999-1041 | 0.03 | — | 0.01 | Aug 27, 1998 | Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file. | |||
| CVE-1999-0023 | 0.03 | — | 0.01 | Jul 24, 1996 | Local user gains root privileges via buffer overflow in rdist, via lookup() function. | |||
| CVE-2004-1307 | 0.01 | — | 0.06 | Dec 21, 2004 | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a… |
- risk 0.64cvss 9.8epss 0.02
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.50cvss 7.5epss 0.10
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
- risk 0.36cvss 5.6epss 0.01
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as…
- risk 0.36cvss 5.4epss 0.05
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
- risk 0.29cvss 4.0epss 0.32
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
- CVE-2001-0797Dec 12, 2001risk 0.10cvss —epss 0.89
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
- CVE-1999-0128Dec 18, 1996risk 0.09cvss —epss 0.74
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
- CVE-1999-0368Feb 9, 1999risk 0.06cvss —epss 0.39
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
- CVE-2003-0282Jun 16, 2003risk 0.05cvss —epss 0.23
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
- CVE-1999-0153Jul 1, 1997risk 0.05cvss —epss 0.23
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
- CVE-2000-1014Dec 11, 2000risk 0.04cvss —epss 0.12
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.
- CVE-1999-0009Apr 8, 1998risk 0.04cvss —epss 0.29
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
- CVE-2008-6559Mar 30, 2009risk 0.03cvss —epss 0.01
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters.
- CVE-2008-6558Mar 30, 2009risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program.
- CVE-2008-0310Apr 7, 2008risk 0.03cvss —epss 0.01
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
- CVE-2008-1343Mar 17, 2008risk 0.03cvss —epss 0.01
Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.
- CVE-2006-4655Sep 9, 2006risk 0.03cvss —epss 0.01
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
- CVE-2006-0072Jan 4, 2006risk 0.03cvss —epss 0.05
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.
- CVE-2005-2934Dec 31, 2005risk 0.03cvss —epss 0.01
Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors.
- CVE-2005-0993May 2, 2005risk 0.03cvss —epss 0.01
Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument.
- CVE-2004-0996Jan 10, 2005risk 0.03cvss —epss 0.01
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2004-0390Dec 31, 2004risk 0.03cvss —epss 0.03
SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.
- CVE-2004-0511Dec 23, 2004risk 0.03cvss —epss 0.01
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
- CVE-2004-0510Dec 23, 2004risk 0.03cvss —epss 0.01
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program.
- CVE-2003-0834Dec 1, 2003risk 0.03cvss —epss 0.01
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
- CVE-2001-0575Aug 22, 2001risk 0.03cvss —epss 0.01
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
- CVE-2001-0577Aug 22, 2001risk 0.03cvss —epss 0.01
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
- CVE-2001-0578Aug 22, 2001risk 0.03cvss —epss 0.01
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.
- CVE-2001-0576Aug 22, 2001risk 0.03cvss —epss 0.01
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
- CVE-2001-0579Aug 22, 2001risk 0.03cvss —epss 0.02
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
- CVE-2000-0306Mar 12, 2001risk 0.03cvss —epss 0.04
Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.
- CVE-1999-0979Apr 11, 2000risk 0.03cvss —epss 0.01
The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
- CVE-1999-0693Mar 2, 2000risk 0.03cvss —epss 0.01
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
- CVE-2000-0154Feb 16, 2000risk 0.03cvss —epss 0.01
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
- CVE-2000-0224Feb 15, 2000risk 0.03cvss —epss 0.01
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
- CVE-2000-0026Dec 21, 1999risk 0.03cvss —epss 0.05
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.
- CVE-1999-0988Dec 4, 1999risk 0.03cvss —epss 0.01
UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.
- CVE-1999-0866Dec 3, 1999risk 0.03cvss —epss 0.01
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
- CVE-1999-0825Dec 3, 1999risk 0.03cvss —epss 0.01
The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.
- CVE-1999-0864Dec 3, 1999risk 0.03cvss —epss 0.01
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
- CVE-1999-0828Dec 2, 1999risk 0.03cvss —epss 0.01
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
- CVE-1999-0845Nov 25, 1999risk 0.03cvss —epss 0.01
Buffer overflow in SCO su program allows local users to gain root access via a long username.
- CVE-1999-0830Nov 1, 1999risk 0.03cvss —epss 0.01
Buffer overflow in SCO UnixWare Xsco command via a long argument.
- CVE-1999-0893Oct 11, 1999risk 0.03cvss —epss 0.01
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
- CVE-1999-0836Dec 2, 1998risk 0.03cvss —epss 0.03
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
- CVE-1999-1185Oct 6, 1998risk 0.03cvss —epss 0.01
Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.
- CVE-1999-1041Aug 27, 1998risk 0.03cvss —epss 0.01
Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file.
- CVE-1999-0023Jul 24, 1996risk 0.03cvss —epss 0.01
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
- CVE-2004-1307Dec 21, 2004risk 0.01cvss —epss 0.06
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a…
Page 1 of 3