VYPR

Aix

by IBM

CVEs (402)

  • CVE-2018-1383 | Cri | Feb 13, 2018
    risk 0.59 | cvss 9.1 | epss 0.03

    A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system to obtain root access on another machine. IBM X-Force ID: 138117.

  • CVE-1999-0038 | Hig | Apr 26, 1997
    risk 0.58 | cvss 8.4 | epss 0.01

    Buffer overflow in xlock program allows local users to execute commands as root.

  • CVE-2016-8972 | Hig | Feb 15, 2017
    risk 0.54 | cvss 7.8 | epss 0.01

    IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

  • CVE-2016-6079 | Hig | Feb 15, 2017
    risk 0.54 | cvss 7.8 | epss 0.02

    IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

  • CVE-2016-3053 | Hig | Feb 1, 2017
    risk 0.54 | cvss 7.8 | epss 0.02

    IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

  • CVE-2017-1692 | Hig | Feb 7, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.

  • CVE-2017-1093 | Hig | Feb 2, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.

  • CVE-1999-0022 | Hig | Jul 3, 1996
    risk 0.51 | cvss 7.8 | epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via expstr() function.

  • CVE-2017-1541 | Hig | Oct 4, 2017
    risk 0.48 | cvss 7.3 | epss 0.02

    A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.

  • CVE-2016-6038 | Med | Sep 26, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2016-8944 | Med | Feb 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

  • CVE-1999-0011 | Med | Apr 8, 1998
    risk 0.36 | cvss 5.4 | epss 0.05

    Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

  • CVE-2014-3566 | Low | Oct 15, 2014
    risk 0.33 | cvss 3.4 | epss 1.00

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • CVE-1999-0524 | Med | Aug 1, 1997
    risk 0.29 | cvss 4.0 | epss 0.32

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  • CVE-2018-1655 | Med | Jun 22, 2018
    risk 0.26 | cvss 4.0 | epss 0.00

    IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.

  • CVE-2016-0281 | Low | Aug 8, 2016
    risk 0.25 | cvss 3.7 | epss 0.08

    The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.

  • CVE-2016-0266 | Low | Aug 8, 2016
    risk 0.24 | cvss 3.7 | epss 0.01

    IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

  • CVE-2001-0797 | Dec 12, 2001
    risk 0.10 | cvss | epss 0.89

    Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

  • CVE-1999-0513 | Jan 5, 1998
    risk 0.09 | cvss | epss 0.70

    ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

  • CVE-1999-0128 | Dec 18, 1996
    risk 0.09 | cvss | epss 0.74

    Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
