39 matches found
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2021-38955
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.
CVE-2000-1119
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
CVE-2014-0930
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
CVE-2003-0914
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
CVE-1999-0094
AIX piodmgrsu command allows local users to gain additional group privileges.
CVE-2016-0266
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-1999-0129
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
CVE-2006-0674
Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.
CVE-2021-29693
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
CVE-1999-1079
Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.
CVE-2006-6915
ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.
CVE-2012-2192
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
CVE-2016-0281
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
CVE-2001-1095
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
CVE-2006-0666
Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.
CVE-2005-2232
Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.
CVE-2007-0392
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
CVE-2008-1594
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
CVE-2007-2995
Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.
CVE-2009-0536
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
CVE-2012-0723
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
CVE-2007-4228
rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.
CVE-2007-0670
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
CVE-2011-1375
IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.
CVE-2006-0667
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.
CVE-2008-0509
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
CVE-2001-1096
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.
CVE-2008-1597
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
CVE-2007-4799
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
CVE-2008-1595
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
CVE-2006-5007
Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
CVE-2008-0589
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
CVE-2001-0573
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
CVE-2008-1598
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
CVE-2002-1550
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2008-2514
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
CVE-2011-0637
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
CVE-2002-1551
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.