Summary
Detail | |||
---|---|---|---|
Vendor | Hp | First view | 2007-01-09 |
Product | Openvms | Last view | 2018-02-07 |
Version | 7.3 | Type | Application |
Update | * | ||
Edition | openvms_vax | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:hp:openvms |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2018-02-07 | CVE-2017-17482 | An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. |
6.8 | 2010-07-22 | CVE-2010-1973 | Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors. |
4.3 | 2007-10-06 | CVE-2007-5242 | Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." |
5 | 2007-10-06 | CVE-2007-5241 | Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. |
7.5 | 2007-01-09 | CVE-2007-0139 | Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
66481 | HP OpenVMS Auditing Subsystem Unspecified Local Privilege Escalation |
37813 | OpenVMS SYS$EI1000_MON.EXE Oversized Packet Remote DoS |
37812 | OpenVMS SYS$EI1000.EXE Oversized Packet Remote DoS |
37811 | OpenVMS NET$CSMACD.EXE Crafted Command Local DoS |
32586 | HP DECnet-Plus for OpenVMS [SYSMGR]CTF$STARTUP.COM Unspecified Privilege Esca... |
32585 | HP DECnet-Plus for OpenVMS [SYSHLP]CTF$HELP.HLB Unspecified Privilege Escalation |
32584 | HP DECnet-Plus for OpenVMS [SYSMSG]CTF$MESSAGES.EXE Unspecified Privilege Esc... |
32583 | HP DECnet-Plus for OpenVMS [SYSEXE]CTF$UI.EXE Unspecified Privilege Escalation |