Sco
Products by Sco Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Sco.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
It may take a day or so for new Sco vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Sco Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2004-0510 | Dec 23, 2004 | Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program. | |
| CVE-2004-0081 | Nov 23, 2004 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |
| CVE-2004-0112 | Nov 23, 2004 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | |
| CVE-2004-0079 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |
| CVE-2003-0937 | Dec 15, 2003 | SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user. | |
| CVE-2003-0658 | Oct 20, 2003 | Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules. | |
| CVE-2003-0791 | Oct 07, 2003 | The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | |
| CVE-2003-0742 | Oct 06, 2003 | SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program. | |
| CVE-1999-0988 | Dec 04, 1999 | UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. | |
| CVE-1999-0845 | Nov 25, 1999 | Buffer overflow in SCO su program allows local users to gain root access via a long username. | |
| CVE-1999-0830 | Nov 01, 1999 | Buffer overflow in SCO UnixWare Xsco command via a long argument. | |
| CVE-1999-0893 | Oct 11, 1999 | userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. | |
| CVE-1999-0942 | Oct 04, 1999 | UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes. | |
| CVE-1999-0411 | Mar 07, 1999 | Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access. | |
| CVE-1999-0476 | Mar 01, 1999 | A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. | |
| CVE-1999-0368 | Feb 09, 1999 | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | |
| CVE-1999-0017 | Dec 10, 1997 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | And others... |
| CVE-1999-0024 | Aug 13, 1997 | DNS cache poisoning via BIND, by predictable query IDs. | And others... |
| CVE-1999-0524 | Aug 01, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |
| CVE-1999-0033 | Jun 12, 1997 | Command execution in Sun systems via buffer overflow in the at program. | And others... |
| CVE-1999-0345 | Jan 01, 1997 | Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. | And others... |
| CVE-1999-0128 | Dec 18, 1996 | Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | And others... |
| CVE-1999-0129 | Dec 03, 1996 | Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. | |
| CVE-1999-0023 | Jul 24, 1996 | Local user gains root privileges via buffer overflow in rdist, via lookup() function. | And others... |
| CVE-1999-0078 | Apr 18, 1996 | pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. | |