Aix Security Vulnerabilities and Issues — Aix CVE List

Lucene search

IbmAix

15 matches found

CVE•added 2004/05/04 4:0 a.m.•57 views

CVE-2004-0368

Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

10CVSS7.3AI score0.54074EPSS

CVE•added 2004/08/06 4:0 a.m.•54 views

CVE-2004-0545

LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack.

7.2CVSS6.4AI score0.0005EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary...

7.5CVSS7.2AI score0.00871EPSS

CVE•added 2004/11/03 5:0 a.m.•48 views

CVE-2004-0828

The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.

2.1CVSS6.3AI score0.00063EPSS

CVE•added 2004/04/15 4:0 a.m.•47 views

CVE-2003-0257

Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.

7.2CVSS6.8AI score0.00049EPSS

CVE•added 2004/03/29 5:0 a.m.•46 views

CVE-2003-1018

Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.

7.2CVSS6.6AI score0.00053EPSS

CVE•added 2004/08/06 4:0 a.m.•43 views

CVE-2004-0544

Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.

7.2CVSS6.8AI score0.00701EPSS

CVE•added 2004/11/23 5:0 a.m.•42 views

CVE-2004-0243

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.

5CVSS7.3AI score0.00683EPSS

CVE•added 2004/09/01 4:0 a.m.•40 views

CVE-2002-1548

Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."

7.2CVSS7.9AI score0.00062EPSS

CVE•added 2004/09/01 4:0 a.m.•39 views

CVE-1999-1486

sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.9AI score0.00088EPSS

CVE•added 2004/01/20 5:0 a.m.•38 views

CVE-2003-0696

The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).

5CVSS6.8AI score0.00543EPSS

CVE•added 2004/03/29 5:0 a.m.•36 views

CVE-2003-0170

Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.

10CVSS6.8AI score0.01176EPSS

CVE•added 2004/09/01 4:0 a.m.•35 views

CVE-2002-1468

Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.

10CVSS7.9AI score0.10655EPSS

CVE•added 2004/02/03 5:0 a.m.•35 views

CVE-2003-0119

The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.

7.5CVSS6.7AI score0.01093EPSS

CVE•added 2004/09/01 4:0 a.m.•31 views

CVE-2002-1550

dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6CVSS6.5AI score0.00061EPSS