Compaq: Security Vulnerabilities
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.
CVSS Score
4.6
EPSS Score
0.003
Published
2003-04-02
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
CVSS Score
10.0
EPSS Score
0.679
Published
2003-04-02
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.
CVSS Score
2.1
EPSS Score
0.001
Published
2002-12-31
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.
CVSS Score
7.5
EPSS Score
0.015
Published
2002-12-31
ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.
CVSS Score
5.0
EPSS Score
0.007
Published
2002-12-31
Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.
CVSS Score
5.0
EPSS Score
0.063
Published
2002-12-31
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
CVSS Score
4.3
EPSS Score
0.004
Published
2002-12-31
Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.014
Published
2002-10-28
Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10, allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities.
CVSS Score
7.2
EPSS Score
0.002
Published
2002-10-04