CVE-2017-17482
https://notcve.org/view.php?id=CVE-2017-17482
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. • http://www.openvms.org/node/121 https://groups.google.com/forum/#%21topic/comp.os.vms/BYIUQ0lJ-s0 https://www.theregister.co.uk/2018/02/06/openvms_vulnerability • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1973
https://notcve.org/view.php?id=CVE-2010-1973
Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en Auditing subsystem de HP OpenVMS v8.3, 8.2, 7.3-2 y anteriores en la plataforma ALPHA y 8.3-1H1, 8.3, 8.2-1 y anteriores en la plataforma Itanium; permite a usuarios locales ganar privilegios u obtener información sensible a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=127905660900687&w=2 http://securitytracker.com/id?1024190 •
CVE-2007-5241
https://notcve.org/view.php?id=CVE-2007-5241
Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. Desbordamiento de búfer en NET$CSMACD.EXE en HP OpenVMS 8.3 y anteriores permite a usuarios locales provocar denegación de servicio (caida de maquina) a través de comando "MCR MCL SHOW CSMA-CD Port * All", el cual sobrescribe Non-Paged Pool Packet. • http://mail.openvms.org:8100/Lists/alerts/Message/582.html http://mail.openvms.org:8100/Lists/alerts/Message/583.html http://osvdb.org/37811 http://secunia.com/advisories/27084 http://www.securityfocus.com/bid/25939 http://www.vupen.com/english/advisories/2007/3382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5242
https://notcve.org/view.php?id=CVE-2007-5242
Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." Vulnerabilidad no especificada en (1) SYS$EI1000.EXE y (2) SYS$EI1000_MON.EXE en HP OpenVMS 8.3 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de maquina) a través de un paquete "sobredimensionado", el cual no es descartado adecuadamente si "el dispositivo no tiene búfers restantes después de recibir el primer segmento de búfer". • http://mail.openvms.org:8100/Lists/alerts/Message/582.html http://mail.openvms.org:8100/Lists/alerts/Message/583.html http://osvdb.org/37812 http://osvdb.org/37813 http://secunia.com/advisories/27084 http://www.securityfocus.com/bid/25939 http://www.vupen.com/english/advisories/2007/3382 •
CVE-2005-0652
https://notcve.org/view.php?id=CVE-2005-0652
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. • http://marc.info/?l=bugtraq&m=110980700101451&w=2 http://secunia.com/advisories/14444 https://exchange.xforce.ibmcloud.com/vulnerabilities/19566 •