Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0443 | 1 Hp | 2 Openvms, Openvms Rms | 2024-11-21 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors. | |||||
CVE-2008-5417 | 1 Hp | 2 Decnet Plus For Openvms, Openvms | 2024-11-21 | 2.1 LOW | N/A |
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | |||||
CVE-2008-5120 | 1 Hp | 1 Openvms | 2024-11-21 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. | |||||
CVE-2008-4052 | 1 Hp | 1 Openvms | 2024-11-21 | 7.2 HIGH | N/A |
Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors. | |||||
CVE-2008-3947 | 1 Hp | 1 Openvms | 2024-11-21 | 7.2 HIGH | N/A |
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. | |||||
CVE-2008-3946 | 1 Hp | 1 Openvms | 2024-11-21 | 4.9 MEDIUM | N/A |
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. | |||||
CVE-2008-3940 | 1 Hp | 1 Openvms | 2024-11-21 | 4.4 MEDIUM | N/A |
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | |||||
CVE-2007-5242 | 1 Hp | 1 Openvms | 2024-11-21 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." | |||||
CVE-2007-5241 | 1 Hp | 1 Openvms | 2024-11-21 | 5.0 MEDIUM | N/A |
Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. | |||||
CVE-2007-3730 | 1 Hp | 1 Openvms | 2024-11-21 | 5.0 MEDIUM | N/A |
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | |||||
CVE-2007-3729 | 1 Hp | 1 Openvms | 2024-11-21 | 5.0 MEDIUM | N/A |
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | |||||
CVE-2007-2998 | 1 Hp | 1 Openvms | 2024-11-21 | 4.9 MEDIUM | N/A |
The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | |||||
CVE-2007-2468 | 1 Hp | 1 Openvms | 2024-11-21 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." | |||||
CVE-2007-0139 | 1 Hp | 1 Openvms | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. | |||||
CVE-2006-3686 | 1 Hp | 1 Openvms | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash). | |||||
CVE-2005-3476 | 1 Hp | 1 Openvms | 2024-11-21 | 2.1 LOW | N/A |
Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service. | |||||
CVE-2005-0652 | 1 Hp | 1 Openvms | 2024-11-20 | 2.1 LOW | N/A |
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. | |||||
CVE-2017-17482 | 1 Hp | 1 Openvms | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. | |||||
CVE-2012-2010 | 1 Hp | 1 Openvms | 2024-02-28 | 6.9 MEDIUM | N/A |
The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. | |||||
CVE-2012-3277 | 1 Hp | 1 Openvms | 2024-02-28 | 5.0 MEDIUM | N/A |
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||