Hp Openvms vulnerabilities

CVE-2017-17482 [HIGH] CWE-119 CVE-2017-17482: An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/V An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on

CVE-2012-3277 [MEDIUM] CVE-2012-3277: HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha p HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.

CVE-2012-3276 [LOW] CWE-16 CVE-2012-3276: HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha p HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.

CVE-2012-2010 [MEDIUM] CWE-264 CVE-2012-2010: The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.

CVE-2012-0134 [MEDIUM] CVE-2012-0134: Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors.

CVE-2010-4110 [MEDIUM] CVE-2010-4110: Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity s Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.

CVE-2010-1973 [MEDIUM] CVE-2010-1973: Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on th Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.

CVE-2010-2612 [LOW] CWE-200 CVE-2010-2612: Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; a Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.

CVE-2008-5120 [CRITICAL] CWE-119 CVE-2008-5120: Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP Ope Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.

CVE-2008-4052 [HIGH] CWE-119 CVE-2008-4052: Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 a Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.

CVE-2008-3947 [HIGH] CWE-20 CVE-2008-3947: DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.

CVE-2008-3946 [MEDIUM] CWE-59 CVE-2008-3946: The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files v The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.

CVE-2008-3940 [MEDIUM] CWE-134 CVE-2008-3940: Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.

CVE-2007-5242 [MEDIUM] CVE-2007-5242: Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and ear Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."

CVE-2007-5241 [MEDIUM] CWE-119 CVE-2007-5241: Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet.

CVE-2007-3730 [MEDIUM] CVE-2007-3730: The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log t The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.

CVE-2007-3729 [MEDIUM] CVE-2007-3729: The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates diff The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.

CVE-2007-2998 [MEDIUM] CVE-2007-2998: The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code.

CVE-2007-2468 [MEDIUM] CVE-2007-2468: Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to ca Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions."

CVE-2007-0139 [HIGH] CVE-2007-0139: Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, an Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.