Aix Security Vulnerabilities and Issues — Aix CVE List

Lucene search

IbmAix

10 matches found

CVE•added 2012/06/22 10:24 a.m.•57 views

CVE-2012-2179

libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

6.9CVSS5.8AI score0.00223EPSS

CVE•added 2012/02/06 8:55 p.m.•52 views

CVE-2012-0194

The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.

7.1CVSS6.3AI score0.01658EPSS

CVE•added 2012/10/20 10:41 a.m.•52 views

CVE-2012-4845

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

6.8CVSS6.1AI score0.00569EPSS

CVE•added 2012/06/27 10:18 a.m.•48 views

CVE-2012-2200

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

7.2CVSS6.4AI score0.00114EPSS

CVE•added 2012/05/04 4:55 p.m.•47 views

CVE-2012-0745

The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

7.2CVSS6.1AI score0.00082EPSS

CVE•added 2012/06/20 10:27 a.m.•45 views

CVE-2012-2192

The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.

4.9CVSS6AI score0.00062EPSS

CVE•added 2012/09/14 11:55 p.m.•44 views

CVE-2012-4817

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

5CVSS6.6AI score0.02437EPSS

CVE•added 2012/10/01 6:55 p.m.•44 views

CVE-2012-4833

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

2.1CVSS6AI score0.00054EPSS

CVE•added 2012/07/30 7:55 p.m.•41 views

CVE-2012-0723

The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.

4.9CVSS5.8AI score0.00065EPSS

CVE•added 2012/03/02 10:55 p.m.•39 views

CVE-2011-1385

IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.

7.8CVSS6.2AI score0.0527EPSS