22 matches found
CVE-2012-3276
The CVE-2012-3276 entry affects HP OpenVMS on Itanium (8.3, 8.3-1H1, 8.4) and Alpha (7.3-2, 8.2, 8.3, 8.4). The issue is a flaw in the LOGIN and ACME_SERVER ACMELOGIN implementations that can allow a local user to cause a Denial of Service. The vulnerability is characterized as local (AV:L, AC:L)...
CVE-2012-3277
CVE-2012-3277 affects HP OpenVMS on Itanium (V8.3, V8.3-1H1, V8.4) and Alpha (V7.3-2, V8.2, V8.3, V8.4). The issue arises from improper implementation of LOGIN and ACME_SERVER ACMELOGIN, enabling remote attackers to cause a Denial of Service via unspecified vectors. HP’s Security Bulletin HPSBOV0...
CVE-2007-3730
The CVE-2007-3730 issue affects HP OpenVMS TCP/IP Services 5.6 (POP server) where the default configuration fails to log the source IP address and attempted username for login attempts. This logging deficiency could help remote attackers remain anonymous or avoid identification when probing or at...
CVE-2007-5241
CVE-2007-5241 affects HP OpenVMS 8.3 and earlier. A buffer overflow in NET$CSMACD.EXE is triggered by the command “MCR MCL SHOW CSMA-CD Port * All,” allowing local users to cause a denial of service (machine crash) by overwriting a Non-Paged Pool Packet. The description confirms the vulnerable co...
CVE-2007-0139
The CVE-2007-0139 entry concerns DECnet-Plus 7.3-2 (OpenVMS ALPHA) and DECnet/OSI 7.3 (OpenVMS VAX). A vulnerability permits attackers to obtain unintended privileged access to data and system resources via unspecified vectors affecting components such as CTF$UI.EXE, CTF$MESSAGES.EXE, CTF$HELP.HL...
CVE-2006-3686
Technical details about CVE-2006-3686 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2007-2468
HP OpenVMS for Integrity Servers versions 8.2-1 and 8.3 are affected by an unspecified local vulnerability that allows a non-privileged user to cause a denial of service (crash) via Program actions relating to exceptions. The description does not provide details on root cause, vulnerable componen...
CVE-2008-3940
CVE-2008-3940 describes a format string vulnerability in the finger client of HP TCP/IP Services for OpenVMS 5.x. Local users can gain privileges by supplying crafted content in either the ".plan" or the ".project" file, exploiting format string specifiers. The vulnerability affects the finger cl...
CVE-2008-5120
CVE-2008-5120 describes a stack-based buffer overflow in the Process Software MultiNet finger service (FINGERD) used by HP OpenVMS 8.3. The overflow occurs via a long request string, enabling remote attackers to execute arbitrary code. The vulnerability is associated with the finger service compo...
CVE-2007-5242
HP OpenVMS 8.3 and earlier contain an unspecified vulnerability in SYS$EI1000.EXE and SYS$EI1000_MON.EXE that allows remote attackers to cause a denial of service (machine crash) via an oversize packet. The issue arises because the oversize packet is not properly discarded when the device has no ...
CVE-2010-1973
CVE-2010-1973 affects HP OpenVMS (ALPHA: 7.3-2, 8.2, 8.3; Itanium: 8.2-1, 8.3-1H1, 8.3) in the Auditing subsystem. The vulnerability allows local users to gain privileges or obtain sensitive information via unknown vectors. HP’s Security Bulletin HPSBOV02539 lists potential local information disc...
CVE-2012-2010
The CVE-2012-2010 vulnerability affects HP OpenVMS where the ACMELOGIN implementation (SYS$ACM) on Alpha and Itanium platforms can be exploited locally to gain privileges. Affected versions are OpenVMS Alpha v8.3/v8.4 and Itanium v8.3, v8.3-1H1, and v8.4, with the SYS$ACM system service enabled. ...
CVE-2017-17482
OpenVMS has a local privilege escalation vulnerability CVE-2017-17482 caused by a malformed DCL command table that can trigger a buffer overflow. Affected: OpenVMS on Alpha (V8.4-2L2) and IA64 (V8.4-2L1), and VAX/VMS 4.0 and later. Impact: local privilege escalation for non-privileged users; the ...
CVE-2005-0652
Technical details about CVE-2005-0652 (affected products, vulnerable components, root cause, impact) are not publicly available in the supplied documents. Monitor for updates.
CVE-2007-3729
CVE-2007-3729 affects the POP server in TCP/IP Services 5.6 on HP OpenVMS 8.3. The default configuration causes the server to generate different responses based on whether a provided username is valid, allowing remote attackers to enumerate valid POP usernames via network interaction. The availab...
CVE-2010-2612
Technical details about CVE-2010-2612 are not publicly provided in the supplied documents; no affected products, vulnerable components, or fixes are specified here. Monitor for updates.
CVE-2007-2998
CVE-2007-2998 affects the Pascal run-time library PAS$RTL.EXE on OpenVMS: OpenVMS for Integrity Servers 8.3 (before 20070418) and OpenVMS Alpha 8.3 (before 20070419). The issue is that PAS$RTL.EXE does not properly restore PC and PSL values, which enables local users to trigger a denial of servic...
CVE-2008-3946
The CVE-2008-3946 entry affects the finger client in HP TCP/IP Services for OpenVMS 5.x. The vulnerability enables local users to read arbitrary files by requesting a link corresponding to a .plan or a .project file. This is a local, low-complexity issue with complete confidentiality impact on th...
CVE-2010-4110
HP OpenVMS Integrity Servers on Itanium (HP OpenVMS 8.3, 8.3-1H1, 8.4) is affected by CVE-2010-4110, which enables local users to gain privileged access or cause a DoS due to an unspecified vulnerability in the OS on Integrity systems. The connected HP security bulletin (HPSBOV02618) confirms the...
CVE-2012-0134
CVE-2012-0134 affects HP OpenVMS: local Denial of Service on HP OpenVMS 7.3-2 (Alpha) and 8.3/8.4 (Alpha/IA64), plus 8.3-1h1 (IA64). Root cause unspecified in initial description; HP bulletin lists affected versions and patch kits: VMS732_MUP-V0200 (7.3-2 Alpha), VMS83A_MUP-V0100 (8.3 Alpha), VMS...
CVE-2008-3947
CVE-2008-3947 affects OpenVMS Alpha 8.3 (DCL). Local users can gain privileges via a long command line. CVSSv2 base score 7.2 (HIGH). No remediation or exploit details are provided in the connected documents.
CVE-2008-4052
CVE-2008-4052 describes a stack-based overflow in SMGSHR.EXE on OpenVMS for Integrity Servers (8.2-1, 8.3, 8.3-1H1) and OpenVMS ALPHA (7.3-2, 8.2, 8.3). The underlying issue is a stack-based overflow in SMGSHR.EXE that allows local users to cause a denial of service (crash) or gain privileges via...