Aix
by IBM
CVEs (402)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4799 | | | 0.00 | — | 0.00 | | Sep 10, 2007 | The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations. |
| CVE-2007-4793 | | | 0.00 | — | 0.00 | | Sep 10, 2007 | Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. |
| CVE-2007-4355 | | | 0.00 | — | 0.00 | | Aug 15, 2007 | Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. |
| CVE-2007-4354 | | | 0.00 | — | 0.00 | | Aug 15, 2007 | Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. |
| CVE-2007-4353 | | | 0.00 | — | 0.00 | | Aug 15, 2007 | Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods. |
| CVE-2007-4228 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument. |
| CVE-2007-4237 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. |
| CVE-2007-4238 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit. |
| CVE-2007-4236 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges. |
| CVE-2007-3680 | | | 0.00 | — | 0.00 | | Jul 11, 2007 | Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable. |
| CVE-2007-2996 | | | 0.00 | — | 0.00 | | Jun 4, 2007 | Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships… |
| CVE-2007-2995 | | | 0.00 | — | 0.01 | | Jun 4, 2007 | Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. |
| CVE-2007-1798 | | | 0.00 | — | 0.00 | | Apr 2, 2007 | Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. |
| CVE-2007-0978 | | | 0.00 | — | 0.00 | | Feb 16, 2007 | Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data. |
| CVE-2007-0670 | | | 0.00 | — | 0.00 | | Feb 3, 2007 | Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin. |
| CVE-2007-0618 | | | 0.00 | — | 0.02 | | Jan 31, 2007 | Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." |
| CVE-2007-0392 | | | 0.00 | — | 0.00 | | Jan 19, 2007 | IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. |
| CVE-2006-6914 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. |
| CVE-2006-6915 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. |
| CVE-2006-5011 | | | 0.00 | — | 0.00 | | Sep 27, 2006 | Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". |