259 matches found
CVE-2010-1973
Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors...
CVE-2008-5417
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the 1 SYS$CRELNM and 2 SYS$DELLNM system services...
CVE-2002-2000
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data...
K17522: NTP vulnerability CVE-2015-7851
Security Advisory Description Directory traversal vulnerability in the saveconfig function in ntpd in ntpcontrol.c in NTP before 4.2.8p4, when used on systems that do not use '' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary...
SUSE CVE-2015-7851
Directory traversal vulnerability in the saveconfig function in ntpd in ntpcontrol.c in NTP before 4.2.8p4, when used on systems that do not use '' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files...
Security Bulletin: IBM Sterling Connect:Direct for OpenVMS. Unencrypted data transfers can occur even when SSL encryption is specified in the security configuration. (CVE-2013-4035)
Abstract Unencrypted data transfers can occur even when SSL encryption is specified in the security configuration. Content VULNERABILITY DETAILS: CVEID: CVE-2013-4035 DESCRIPTION: When Connect:Direct for OpenVMS is the server in a TCP/IP session, and the client requests an unencrypted session, C:...
DEBIAN-CVE-2015-7851
Directory traversal vulnerability in the saveconfig function in ntpd in ntpcontrol.c in NTP before 4.2.8p4, when used on systems that do not use '' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files...
CVE-2015-7851
Directory traversal vulnerability in the saveconfig function in ntpd in ntpcontrol.c in NTP before 4.2.8p4, when used on systems that do not use '' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files...
CVE-2015-7851
CVE-2015-7851 is a directory traversal vulnerability in ntpd’s save_config path (ntp_control.c) affecting ntpd before 4.2.8p4. The issue arises on systems where directory separators differ (e.g., OpenVMS), allowing remote authenticated users to overwrite arbitrary files via crafted config saves. ...
Security Bulletin: Vulnerability in OpenSSL( CVE-2016-0800 ) affect IBM WebSphere MQ on OpenVMS Alpha & Itanium when using HP OpenSSL V1.4 kit
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by HP SSL 1.4 on HP OpenVMS. IBM WebSphere MQ on OpenVMS Alpha & Itanium uses HP SSL and has addressed the applicable CVE CVE-2016-0800 the “DROWN: Decrypting RSA with Obsolete and Weakened...
Security Bulletin: Vulnerability in OpenSSLaffect IBM WebSphere MQ V6.0 on OpenVMS Alpha and Itanium platforms ( CVE-2016-2183 )
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by HP SSL on HP OpenVMS. IBM WebSphere MQ on OpenVMS Alpha and Itanium uses HP SSL and has addressed the applicable CVE CVE-2016-2183 known as “SWEET32 Birthday attack"...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM WebSphere MQ (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere MQ. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Code injection
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the...
CVE-2013-4035
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the...
CVE-2013-4035
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the...
CVE-2013-4035
CVE-2013-4035 affects IBM Sterling Connect:Direct for OpenVMS (versions 3.4.00, 3.4.01, 3.5.00, 3.6.0, 3.6.0.1). When the server is in a TCP/IP session and the client requests an unencrypted session, the product may allow an unencrypted session to proceed even if SSL is configured, exposing data....
Buffer overflow
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is...
CVE-2017-17482
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is...
CVE-2017-17482
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is...
CVE-2017-17482
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is...