Aix Security Vulnerabilities and Issues — Page 7 of Aix CVE List

Lucene search

IbmAix

387 matches found

CVE•added 2005/03/26 5:0 a.m.•37 views

CVE-2002-1621

Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.

10CVSS7.9AI score0.19529EPSS

CVE•added 2005/06/21 4:0 a.m.•37 views

CVE-2002-1686

Buffer overflow in lscfg of unknown versions of AIX has unknown impact.

10CVSS7.3AI score0.00505EPSS

CVE•added 2005/02/10 5:0 a.m.•37 views

CVE-2005-0261

lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.

2.1CVSS6.8AI score0.0007EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-0263

Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.

7.2CVSS7.9AI score0.00432EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-1176

Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.

1.2CVSS6.8AI score0.00071EPSS

CVE•added 2005/11/22 11:3 a.m.•37 views

CVE-2005-3749

Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.

7.2CVSS6.5AI score0.00064EPSS

CVE•added 2005/12/08 1:3 a.m.•37 views

CVE-2005-4068

Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.

7.2CVSS6.1AI score0.00068EPSS

CVE•added 2006/03/10 1:2 a.m.•37 views

CVE-2006-0667

lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.

4.6CVSS6.1AI score0.00065EPSS

CVE•added 2006/05/30 10:2 a.m.•37 views

CVE-2006-2647

Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.

7.2CVSS7.1AI score0.00051EPSS

CVE•added 2007/11/05 4:46 p.m.•37 views

CVE-2007-4622

Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.

7.2CVSS6.4AI score0.00055EPSS

CVE•added 2008/03/31 11:44 p.m.•37 views

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

7.2CVSS6.3AI score0.00065EPSS

CVE•added 2008/12/09 12:30 a.m.•37 views

CVE-2008-5384

crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.

6.9CVSS6.3AI score0.00046EPSS

CVE•added 2009/10/01 3:30 p.m.•37 views

CVE-2009-3516

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

7.2CVSS5.9AI score0.0008EPSS

CVE•added 1999/09/29 4:0 a.m.•36 views

CVE-1999-0338

AIX Licensed Program Product performance tools allow local users to gain root access.

7.2CVSS7.4AI score0.00064EPSS

CVE•added 2000/01/18 5:0 a.m.•36 views

CVE-1999-0694

Denial of service in AIX ptrace system call allows local users to crash the system.

2.1CVSS6.6AI score0.00058EPSS

CVE•added 2002/03/09 5:0 a.m.•36 views

CVE-1999-1208

Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.

7.2CVSS7.7AI score0.03775EPSS

CVE•added 2002/05/03 4:0 a.m.•36 views

CVE-2001-1330

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.

7.2CVSS7.3AI score0.00052EPSS

CVE•added 2002/08/12 4:0 a.m.•36 views

CVE-2002-0744

namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.

10CVSS7.3AI score0.00609EPSS

CVE•added 2005/03/26 5:0 a.m.•36 views

CVE-2002-1619

Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).

5CVSS7.1AI score0.01413EPSS

CVE•added 2005/06/21 4:0 a.m.•36 views

CVE-2002-1687

Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.

2.1CVSS6.9AI score0.0006EPSS

CVE•added 2004/03/29 5:0 a.m.•36 views

CVE-2003-0170

Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.

10CVSS6.8AI score0.01176EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2004-2697

The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

6.9CVSS7.1AI score0.00698EPSS

CVE•added 2008/01/31 8:0 p.m.•36 views

CVE-2008-0509

Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.

4.4CVSS7.2AI score0.00153EPSS

CVE•added 2008/12/09 12:30 a.m.•36 views

CVE-2008-5387

Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.

6.2CVSS6.6AI score0.00049EPSS

CVE•added 2009/01/30 7:30 p.m.•36 views

CVE-2009-0370

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."

7.2CVSS6.4AI score0.00066EPSS

CVE•added 2017/02/15 7:59 p.m.•36 views

CVE-2016-8944

IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

5.5CVSS5.2AI score0.00051EPSS

CVE•added 2001/09/12 4:0 a.m.•35 views

CVE-1999-1552

dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.

7.2CVSS7.2AI score0.00149EPSS

CVE•added 2001/01/22 5:0 a.m.•35 views

CVE-2000-0873

netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.

2.1CVSS6.8AI score0.01164EPSS

CVE•added 2002/06/25 4:0 a.m.•35 views

CVE-2001-1096

Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.

4.6CVSS7.1AI score0.00103EPSS

CVE•added 2002/08/12 4:0 a.m.•35 views

CVE-2002-0742

Buffer overflow in pioout on AIX 4.3.3.

10CVSS7.3AI score0.00609EPSS

CVE•added 2002/08/12 4:0 a.m.•35 views

CVE-2002-0747

Buffer overflow in lsmcode in AIX 4.3.3.

10CVSS7.3AI score0.10937EPSS

CVE•added 2004/09/01 4:0 a.m.•35 views

CVE-2002-1468

Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.

10CVSS7.9AI score0.10655EPSS

CVE•added 2005/03/26 5:0 a.m.•35 views

CVE-2002-1622

Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."

7.5CVSS7.6AI score0.01751EPSS

CVE•added 2004/02/03 5:0 a.m.•35 views

CVE-2003-0119

The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.

7.5CVSS6.7AI score0.01093EPSS

CVE•added 2007/02/16 1:28 a.m.•35 views

CVE-2007-0978

Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data.

7.2CVSS6.5AI score0.00058EPSS

CVE•added 2007/08/08 10:17 p.m.•35 views

CVE-2007-4236

Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.

6.9CVSS6.9AI score0.00053EPSS

CVE•added 2007/09/10 9:17 p.m.•35 views

CVE-2007-4798

Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix".

6.6CVSS6.1AI score0.00048EPSS

CVE•added 2007/11/05 5:46 p.m.•35 views

CVE-2007-5804

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

6.9CVSS6.3AI score0.0005EPSS

CVE•added 2008/03/31 11:44 p.m.•35 views

CVE-2008-1597

The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."

4.9CVSS5.9AI score0.00048EPSS

CVE•added 2008/06/02 9:30 p.m.•35 views

CVE-2008-2515

Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."

7.2CVSS6AI score0.00064EPSS

CVE•added 2008/12/09 12:30 a.m.•35 views

CVE-2008-5385

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

6.9CVSS6.1AI score0.0004EPSS

CVE•added 2003/04/02 5:0 a.m.•34 views

CVE-2002-0790

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.

2.1CVSS7.2AI score0.00125EPSS

CVE•added 2006/08/21 8:4 p.m.•34 views

CVE-2006-4254

Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors.

7.5CVSS6.2AI score0.01768EPSS

CVE•added 2006/09/27 1:7 a.m.•34 views

CVE-2006-5011

Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".

7.2CVSS7AI score0.00043EPSS

CVE•added 2007/09/10 9:17 p.m.•34 views

CVE-2007-4795

Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.

7.2CVSS6.6AI score0.00051EPSS

CVE•added 2007/09/10 9:17 p.m.•34 views

CVE-2007-4799

The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.

4.9CVSS6.3AI score0.00048EPSS

CVE•added 2007/11/05 5:46 p.m.•34 views

CVE-2007-5805

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this ...

6.9CVSS6.3AI score0.0005EPSS

CVE•added 2008/02/05 3:0 a.m.•34 views

CVE-2008-0586

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.

7.2CVSS6.5AI score0.00055EPSS

CVE•added 2008/03/31 11:44 p.m.•34 views

CVE-2008-1595

The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.

4.9CVSS5.8AI score0.00046EPSS

CVE•added 2009/04/21 4:24 p.m.•34 views

CVE-2009-1355

Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.

7.2CVSS6.6AI score0.00071EPSS

Total number of security vulnerabilities387