An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-02-07
Updated
2018-08-13
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.50%
Published
2012-12-13
Updated
2019-10-09
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-12-13
Updated
2019-10-09
The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-05-18
Updated
2017-12-05
Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2012-04-19
Updated
2012-08-14
Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.
Max CVSS
5.7
EPSS Score
0.04%
Published
2010-12-22
Updated
2011-01-11
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-07-02
Updated
2018-10-30
Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.
Max CVSS
6.8
EPSS Score
0.04%
Published
2010-07-22
Updated
2019-10-09
Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-09-11
Updated
2017-08-08
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-09-05
Updated
2017-08-08
Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."
Max CVSS
4.3
EPSS Score
4.64%
Published
2007-10-06
Updated
2011-03-08
Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet.
Max CVSS
5.0
EPSS Score
0.28%
Published
2007-10-06
Updated
2011-03-08
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.
Max CVSS
5.0
EPSS Score
0.63%
Published
2007-07-12
Updated
2008-11-15
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.
Max CVSS
5.0
EPSS Score
0.65%
Published
2007-07-12
Updated
2017-07-29
The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-06-04
Updated
2017-07-29
Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions."
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-05-02
Updated
2017-07-29
Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).
Max CVSS
5.0
EPSS Score
0.63%
Published
2006-07-21
Updated
2011-03-08
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2017-07-11
18 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!