Vulnerabilities > HP > Openvms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-12-10 | CVE-2008-5417 | Permissions, Privileges, and Access Controls vulnerability in HP Decnet Plus for Openvms 8.3 HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | 2.1 |
2008-11-18 | CVE-2008-5120 | Buffer Errors vulnerability in HP Openvms 8.3 Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. | 10.0 |
2008-09-11 | CVE-2008-4052 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openvms Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors. | 7.2 |
2008-09-05 | CVE-2008-3947 | Improper Input Validation vulnerability in HP Openvms 8.3 DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. | 7.2 |
2008-09-05 | CVE-2008-3946 | Local Security vulnerability in HP Openvms 5 The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. | 4.9 |
2008-09-05 | CVE-2008-3940 | USE of Externally-Controlled Format String vulnerability in HP Openvms 5 Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | 4.4 |
2007-10-06 | CVE-2007-5242 | Denial of Service vulnerability in OpenVMS Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." network hp | 4.3 |
2007-10-06 | CVE-2007-5241 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openvms Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. | 5.0 |
2007-07-12 | CVE-2007-3730 | Unspecified vulnerability in HP Openvms 8.3 The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | 5.0 |
2007-07-12 | CVE-2007-3729 | Unspecified vulnerability in HP Openvms 8.3 The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | 5.0 |