CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-17482
https://notcve.org/view.php?id=CVE-2017-17482
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. • http://www.openvms.org/node/121 https://groups.google.com/forum/#%21topic/comp.os.vms/BYIUQ0lJ-s0 https://www.theregister.co.uk/2018/02/06/openvms_vulnerability • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2010-1973
https://notcve.org/view.php?id=CVE-2010-1973
Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en Auditing subsystem de HP OpenVMS v8.3, 8.2, 7.3-2 y anteriores en la plataforma ALPHA y 8.3-1H1, 8.3, 8.2-1 y anteriores en la plataforma Itanium; permite a usuarios locales ganar privilegios u obtener información sensible a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=127905660900687&w=2 http://securitytracker.com/id?1024190 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3946
https://notcve.org/view.php?id=CVE-2008-3946
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. El cliente finger en HP TCP/IP Services para OpenVMS 5.x permite a usuarios locales leer arbitrariamente archivos a través de un enlace correspondiente a un archivo (1) .plan o (2) .project . • http://deathrow.vistech.net/DEFCON16/VMS.PDF https://exchange.xforce.ibmcloud.com/vulnerabilities/45135 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3940
https://notcve.org/view.php?id=CVE-2008-3940
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. Vulnerabilidad de formato de cadena del cliente finger en HP TCP/IP Services para OpenVMS 5.x, permite a usuarios locales obtener privilegios mediante especificadores de cadena de formato en un archivo 1) .plan or (2) .project . • http://deathrow.vistech.net/DEFCON16/VMS.PDF http://secunia.com/advisories/31587 http://www.securityfocus.com/bid/30948 http://www.vupen.com/english/advisories/2008/2463 https://exchange.xforce.ibmcloud.com/vulnerabilities/44752 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5241
https://notcve.org/view.php?id=CVE-2007-5241
Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. Desbordamiento de búfer en NET$CSMACD.EXE en HP OpenVMS 8.3 y anteriores permite a usuarios locales provocar denegación de servicio (caida de maquina) a través de comando "MCR MCL SHOW CSMA-CD Port * All", el cual sobrescribe Non-Paged Pool Packet. • http://mail.openvms.org:8100/Lists/alerts/Message/582.html http://mail.openvms.org:8100/Lists/alerts/Message/583.html http://osvdb.org/37811 http://secunia.com/advisories/27084 http://www.securityfocus.com/bid/25939 http://www.vupen.com/english/advisories/2007/3382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •