Vios@2.2.1.3 Security Vulnerabilities and Issues — Vios@2.2.1.3 CVE List

Lucene search

IbmVios2.2.1.3

12 matches found

CVE•added 2014/10/15 12:55 a.m.•842 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3CVSS4.4AI score0.9413EPSS

CVE•added 2015/01/15 10:59 p.m.•87 views

CVE-2014-8904

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

7.2CVSS6AI score0.0056EPSS

CVE•added 2014/07/02 10:35 a.m.•81 views

CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

7.2CVSS5.9AI score0.00081EPSS

CVE•added 2017/02/15 7:59 p.m.•76 views

CVE-2016-8972

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

7.8CVSS7.5AI score0.00627EPSS

CVE•added 2017/02/15 7:59 p.m.•62 views

CVE-2016-6079

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

7.8CVSS7.2AI score0.02047EPSS

CVE•added 2014/05/08 10:55 a.m.•59 views

CVE-2014-0930

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

4.7CVSS5.7AI score0.00112EPSS

CVE•added 2014/06/08 11:55 p.m.•53 views

CVE-2014-3977

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

6.9CVSS6AI score0.00223EPSS

CVE•added 2016/08/08 1:59 a.m.•53 views

CVE-2016-0266

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

4.3CVSS3.7AI score0.007EPSS

CVE•added 2012/05/04 4:55 p.m.•47 views

CVE-2012-0745

The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

7.2CVSS6.1AI score0.00082EPSS

CVE•added 2016/08/08 1:59 a.m.•45 views

CVE-2016-0281

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.

4.3CVSS4.1AI score0.02821EPSS

CVE•added 2012/09/14 11:55 p.m.•44 views

CVE-2012-4817

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

5CVSS6.6AI score0.02437EPSS

CVE•added 2012/03/02 10:55 p.m.•39 views

CVE-2011-1385

IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.

7.8CVSS6.2AI score0.0527EPSS