Aix Security Vulnerabilities and Issues — Aix CVE List

Lucene search

IbmAix

5 matches found

CVE•added 2014/10/15 12:55 a.m.•843 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3CVSS4.4AI score0.9413EPSS

CVE•added 2014/07/02 10:35 a.m.•81 views

CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

7.2CVSS5.9AI score0.00081EPSS

CVE•added 2014/05/08 10:55 a.m.•59 views

CVE-2014-0930

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

4.7CVSS5.7AI score0.00112EPSS

CVE•added 2014/06/08 11:55 p.m.•53 views

CVE-2014-3977

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

6.9CVSS6AI score0.00223EPSS

CVE•added 2014/03/11 1:1 p.m.•41 views

CVE-2014-0899

ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.

6.5CVSS6.3AI score0.00297EPSS