by IBM
CVEs (393)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-1999-0038 | Hig | 0.58 | 8.4 | 0.00 | | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. |
| CVE-2016-8972 | Hig | 0.54 | 7.8 | 0.01 | | Feb 15, 2017 | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. |
| CVE-2016-6079 | Hig | 0.54 | 7.8 | 0.02 | | Feb 15, 2017 | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. |
| CVE-2016-3053 | Hig | 0.54 | 7.8 | 0.03 | | Feb 1, 2017 | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. |
| CVE-2017-1093 | Hig | 0.51 | 7.8 | 0.00 | | Feb 2, 2017 | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. |
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.00 | | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| CVE-2017-1541 | Hig | 0.47 | 7.3 | 0.00 | | Oct 4, 2017 | A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. |
| CVE-2016-6038 | Med | 0.42 | 6.5 | 0.00 | | Sep 26, 2016 | Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. |
| CVE-2016-8944 | Med | 0.36 | 5.5 | 0.00 | | Feb 15, 2017 | IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. |
| CVE-1999-0011 | Med | 0.36 | 5.4 | 0.11 | | Apr 8, 1998 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
| CVE-2014-3566 | Low | 0.33 | 3.4 | 0.94 | | Oct 15, 2014 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
| CVE-2016-0281 | Low | 0.24 | 3.7 | 0.04 | | Aug 8, 2016 | The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. |
| CVE-2016-0266 | Low | 0.24 | 3.7 | 0.01 | | Aug 8, 2016 | IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. |
| CVE-2001-0797 | | 0.10 | — | 0.89 | | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
| CVE-1999-0003 | | 0.10 | — | 0.91 | | Apr 1, 1998 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
| CVE-2010-3187 | | 0.09 | — | 0.80 | | Aug 30, 2010 | Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command. |
| CVE-2009-3699 | | 0.09 | — | 0.79 | | Oct 15, 2009 | Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd. |
| CVE-2009-2727 | | 0.09 | — | 0.78 | | Aug 10, 2009 | Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15. |
| CVE-2003-0694 | | 0.09 | — | 0.76 | | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| CVE-1999-0009 | | 0.09 | — | 0.80 | | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |