SCO Group

All CVEs

135 total · sorted by risk
  • CVE-2004-0081 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.07

    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • CVE-2004-0112 · Nov 23, 2004
    risk 0.01 · cvss · epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2004-1082 · Feb 3, 2004
    risk 0.01 · cvss · epss 0.08

    mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

  • CVE-2011-1432 · Mar 16, 2011
    risk 0.00 · cvss · epss 0.02

    The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext…

  • CVE-2009-1552 · May 6, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7.1.4 Maintenance Pack 4 allows attackers to cause a denial of service (system panic) via unspecified vectors.

  • CVE-2005-3624 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.02

    The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer…

  • CVE-2005-3626 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.03

    Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

  • CVE-2005-3625 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.04

    Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka…

  • CVE-2005-3903 · Dec 14, 2005
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063.

  • CVE-2005-2927 · Oct 25, 2005
    risk 0.00 · cvss · epss 0.00

    Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.

  • CVE-2005-2926 · Oct 25, 2005
    risk 0.00 · cvss · epss 0.00

    Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.

  • CVE-2005-2132 · Aug 3, 2005
    risk 0.00 · cvss · epss 0.01

    RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.

  • CVE-2005-0134 · May 18, 2005
    risk 0.00 · cvss · epss 0.00

    The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets.

  • CVE-2005-0351 · Apr 7, 2005
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable.

  • CVE-2004-1131 · Feb 7, 2005
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments.

  • CVE-2003-1021 · Jan 26, 2005
    risk 0.00 · cvss · epss 0.00

    The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.

  • CVE-2004-1039 · Jan 11, 2005
    risk 0.00 · cvss · epss 0.02

    The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each…

  • CVE-2004-0512 · Dec 23, 2004
    risk 0.00 · cvss · epss 0.00

    Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump.

  • CVE-2004-1124 · Jan 14, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities.

  • CVE-2003-0914 · Dec 15, 2003
    risk 0.00 · cvss · epss 0.03

    ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

  • CVE-2003-0937 · Dec 15, 2003
    risk 0.00 · cvss · epss 0.00

    SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open…

  • CVE-2003-0872 · Nov 17, 2003
    risk 0.00 · cvss · epss 0.00

    Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files.

  • CVE-2003-0658 · Oct 20, 2003
    risk 0.00 · cvss · epss 0.02

    Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.

  • CVE-2003-0742 · Oct 6, 2003
    risk 0.00 · cvss · epss 0.00

    SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.

  • CVE-2003-0597 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.

  • CVE-2002-1998 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21).

  • CVE-2002-1323 · Dec 11, 2002
    risk 0.00 · cvss · epss 0.00

    Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

  • CVE-2002-1231 · Nov 4, 2002
    risk 0.00 · cvss · epss 0.00

    SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.

  • CVE-2002-1199 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

  • CVE-2002-0988 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.

  • CVE-2002-0716 · Jul 26, 2002
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.

  • CVE-1999-1570 · May 1, 2002
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.

  • CVE-2001-1579 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.01

    The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.

  • CVE-2001-1508 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.

  • CVE-2001-1578 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.

  • CVE-2001-0896 · Nov 30, 2001
    risk 0.00 · cvss · epss 0.02

    Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.

  • CVE-2001-1062 · Aug 31, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.

  • CVE-2001-0587 · Aug 22, 2001
    risk 0.00 · cvss · epss 0.01

    deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

  • CVE-2001-0627 · Aug 22, 2001
    risk 0.00 · cvss · epss 0.00

    vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0588 · Aug 22, 2001
    risk 0.00 · cvss · epss 0.00

    sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

  • CVE-2001-1148 · Jun 13, 2001
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.

  • CVE-2000-0349 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.01

    Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.

  • CVE-2000-0348 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.

  • CVE-2000-0351 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.00

    Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.

  • CVE-2000-0307 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.01

    Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.

  • CVE-2000-0308 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.02

    Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.

  • CVE-2000-0842 · Nov 14, 2000
    risk 0.00 · cvss · epss 0.02

    The search97cgi/vtopic in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.

  • CVE-2000-0173 · Mar 10, 2000
    risk 0.00 · cvss · epss 0.01

    Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service.

  • CVE-2000-0158 · Feb 16, 2000
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.

  • CVE-2000-0215 · Feb 8, 2000
    risk 0.00 · cvss · epss 0.00

    Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.