VYPR

Aix

by IBM

CVEs (402)

  • CVE-2014-3977 | Jun 8, 2014
    risk 0.03 | cvss | epss 0.01

    libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

  • CVE-2013-4011 | Jul 18, 2013
    risk 0.03 | cvss | epss 0.03

    Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

  • CVE-2012-2179 | Jun 22, 2012
    risk 0.03 | cvss | epss 0.02

    libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

  • CVE-2009-2669 | Aug 5, 2009
    risk 0.03 | cvss | epss 0.01

    A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with…

  • CVE-2009-1786 | May 26, 2009
    risk 0.03 | cvss | epss 0.01

    The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

  • CVE-2007-4004 | Jul 26, 2007
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.

  • CVE-2007-4003 | Jul 26, 2007
    risk 0.03 | cvss | epss 0.02

    pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.

  • CVE-2007-3333 | Jul 26, 2007
    risk 0.03 | cvss | epss 0.04

    Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.

  • CVE-2006-0133 | Jan 9, 2006
    risk 0.03 | cvss | epss 0.01

    Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability…

  • CVE-2005-2232 | Jul 12, 2005
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.

  • CVE-2005-2236 | Jul 12, 2005
    risk 0.03 | cvss | epss 0.01

    Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.

  • CVE-2005-0262 | May 2, 2005
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.

  • CVE-2005-0263 | May 2, 2005
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.

  • CVE-2005-0156 | Feb 7, 2005
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

  • CVE-2004-1054 | Jan 10, 2005
    risk 0.03 | cvss | epss 0.01

    Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.

  • CVE-2004-1330 | Dec 31, 2004
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.

  • CVE-2004-2312 | Dec 31, 2004
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

  • CVE-2004-2697 | Dec 31, 2004
    risk 0.03 | cvss | epss 0.01

    The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

  • CVE-2004-1329 | Dec 20, 2004
    risk 0.03 | cvss | epss 0.03

    Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

  • CVE-2004-0544 | Aug 6, 2004
    risk 0.03 | cvss | epss 0.01

    Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.
