CompaqCVEs & Vulnerabilities

42 CVEs affecting Compaq products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

tru64 198insight manager xe 12insight management agent 10management agents 5tcp-ip services 4foundation agents 4survey utility 3insight manager lc 2
CVE-2008-0211MEDIUM

Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.

1 Apr 2008
4.9
CVSS
CVE-2008-0706HIGH

Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.

1 Apr 2008
7.2
CVSS
CVE-2005-2982MEDIUM

Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.

20 Sep 2005
4.3
CVSS
CVE-2005-0223MEDIUM

The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.

2 May 2005
5.0
CVSS
CVE-2003-0914MEDIUM

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

15 Dec 2003
4.3
CVSS
CVE-2003-0688MEDIUM

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

20 Oct 2003
5.0
CVSS
CVE-2003-0724HIGH

ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.

20 Oct 2003
7.5
CVSS
CVE-2003-0694CRITICAL

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

6 Oct 2003
10.0
CVSS
CVE-2003-0196CRITICAL

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

5 May 2003
10.0
CVSS
CVE-2003-0201CRITICALpoc

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

5 May 2003
10.0
CVSS
CVE-2003-0161CRITICALpoc

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

2 Apr 2003
10.0
CVSS
CVE-2002-1513MEDIUMpoc

The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.

2 Apr 2003
4.6
CVSS
CVE-2002-2000LOW

ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.

31 Dec 2002
2.1
CVSS
CVE-2002-2002HIGH

Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.

31 Dec 2002
7.5
CVSS
CVE-2002-2003MEDIUM

ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap.

31 Dec 2002
5.0
CVSS
CVE-2002-2004MEDIUM

portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.

31 Dec 2002
5.0
CVSS
CVE-2002-2422MEDIUMpoc

Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.

31 Dec 2002
4.3
CVSS
CVE-2002-2071MEDIUMpoc

Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.

31 Dec 2002
5.0
CVSS
CVE-2002-1202HIGH

Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.

28 Oct 2002
7.5
CVSS
CVE-2002-0883HIGH

Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10, allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities.

4 Oct 2002
7.2
CVSS
CVE-2002-1129HIGHpoc

Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.

4 Oct 2002
7.2
CVSS
CVE-2002-0093HIGH

Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CVE-2001-0423.

5 Sep 2002
7.2
CVSS
CVE-2002-0679CRITICAL

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

5 Sep 2002
10.0
CVSS
CVE-2002-0816HIGH

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

12 Aug 2002
7.2
CVSS
CVE-2000-1209CRITICALpoc

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

12 Aug 2002
10.0
CVSS
CVE-2002-0677HIGH

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

23 Jul 2002
7.5
CVSS
CVE-2002-0678HIGH

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

23 Jul 2002
7.2
CVSS
CVE-2001-0840CRITICAL

Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.

6 Dec 2001
10.0
CVSS
CVE-2001-0728MEDIUM

Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.

30 Oct 2001
4.6
CVSS
CVE-2001-1033MEDIUM

Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.

25 Sep 2001
5.0
CVSS
CVE-2001-1093HIGHpoc

Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.

10 Sep 2001
7.2
CVSS
CVE-2001-1092LOWpoc

msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.

10 Sep 2001
2.1
CVSS
CVE-2001-0434MEDIUM

The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.

2 Jul 2001
6.4
CVSS
CVE-2001-0374HIGH

The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.

18 Jun 2001
7.5
CVSS
CVE-2001-0134CRITICAL

Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.

12 Mar 2001
10.0
CVSS
CVE-2001-1435MEDIUM

inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.

23 Feb 2001
5.0
CVSS
CVE-2000-0946MEDIUM

Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.

19 Dec 2000
4.6
CVSS
CVE-1999-1355HIGH

BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.

31 Dec 1999
7.5
CVSS
CVE-1999-1356MEDIUM

Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.

2 Sep 1999
4.6
CVSS
CVE-1999-0772MEDIUM

Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.

1 Jun 1999
6.4
CVSS
CVE-1999-0771MEDIUMpoc

The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.

26 May 1999
5.0
CVSS
CVE-1999-1152HIGH

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.

3 Jun 1998
7.5
CVSS
← PrevPage 1 / 1Next →