Sco Openserver
By the Year
In 2024 there have been 0 vulnerabilities in Sco Openserver . Openserver did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Openserver vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sco Openserver Security Vulnerabilities
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may
CVE-2004-0510
- December 23, 2004
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program.
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which
CVE-2004-0081
- November 23, 2004
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake
CVE-2004-0112
- November 23, 2004
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Out-of-bounds Read
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake
CVE-2004-0079
7.5 - High
- November 23, 2004
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
NULL Pointer Dereference
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier
CVE-2003-0791
9.8 - Critical
- October 07, 2003
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Marshaling, Unmarshaling
SCO Internet Manager (mana)
CVE-2003-0742
- October 06, 2003
SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.
userOsa in SCO OpenServer
CVE-1999-0893
- October 11, 1999
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack
CVE-1999-0411
- March 07, 1999
Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access.
A weak encryption algorithm is used for passwords in SCO TermVision
CVE-1999-0476
- March 01, 1999
A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a
CVE-1999-0368
- February 09, 1999
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client
CVE-1999-0017
- December 10, 1997
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
DNS cache poisoning
CVE-1999-0024
- August 13, 1997
DNS cache poisoning via BIND, by predictable query IDs.
Command execution in Sun systems
CVE-1999-0033
- June 12, 1997
Command execution in Sun systems via buffer overflow in the at program.
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
CVE-1999-0345
- January 01, 1997
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
Oversized ICMP ping packets
CVE-1999-0128
- December 18, 1996
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
Sendmail allows local users to write to a file and gain group permissions
CVE-1999-0129
- December 03, 1996
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Local user gains root privileges
CVE-1999-0023
- July 24, 1996
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
pcnfsd (aka rpc.pcnfsd)
CVE-1999-0078
- April 18, 1996
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hp Ux or by Sco? Click the Watch button to subscribe.
