Hp: >> Openvms Security Vulnerabilities
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services.
CVSS Score
2.1
EPSS Score
0.001
Published
2008-12-10
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
CVSS Score
10.0
EPSS Score
0.094
Published
2008-11-18
Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.001
Published
2008-09-11
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.
CVSS Score
4.9
EPSS Score
0.001
Published
2008-09-05
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
CVSS Score
7.2
EPSS Score
0.001
Published
2008-09-05
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.
CVSS Score
4.4
EPSS Score
0.001
Published
2008-09-05
Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet.
CVSS Score
5.0
EPSS Score
0.008
Published
2007-10-06
Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."
CVSS Score
4.3
EPSS Score
0.006
Published
2007-10-06
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.
CVSS Score
5.0
EPSS Score
0.006
Published
2007-07-12
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.
CVSS Score
5.0
EPSS Score
0.006
Published
2007-07-12