AIX
by IBM
CVEs (402)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0263 |  |  | 0.03 | — | 0.01 |  | May 2, 2005 | Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument. |
| CVE-2005-0156 |  |  | 0.03 | — | 0.01 |  | Feb 7, 2005 | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. |
| CVE-2004-1054 |  |  | 0.03 | — | 0.01 |  | Jan 10, 2005 | Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. |
| CVE-2004-1330 |  |  | 0.03 | — | 0.01 |  | Dec 31, 2004 | Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. |
| CVE-2004-2312 |  |  | 0.03 | — | 0.01 |  | Dec 31, 2004 | Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. |
| CVE-2004-2697 |  |  | 0.03 | — | 0.01 |  | Dec 31, 2004 | The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. |
| CVE-2004-1329 |  |  | 0.03 | — | 0.03 |  | Dec 20, 2004 | Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. |
| CVE-2004-0544 |  |  | 0.03 | — | 0.01 |  | Aug 6, 2004 | Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. |
| CVE-2002-1468 |  |  | 0.03 | — | 0.04 |  | Apr 22, 2003 | Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. |
| CVE-2003-0087 |  |  | 0.03 | — | 0.01 |  | Mar 3, 2003 | Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm. |
| CVE-2002-0747 |  |  | 0.03 | — | 0.06 |  | Aug 12, 2002 | Buffer overflow in lsmcode in AIX 4.3.3. |
| CVE-2001-1080 |  |  | 0.03 | — | 0.06 |  | Jun 19, 2001 | diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. |
| CVE-2000-1121 |  |  | 0.03 | — | 0.01 |  | Jan 9, 2001 | Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument. |
| CVE-2000-1119 |  |  | 0.03 | — | 0.01 |  | Jan 9, 2001 | Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument. |
| CVE-2000-1120 |  |  | 0.03 | — | 0.01 |  | Jan 9, 2001 | Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands. |
| CVE-2000-1124 |  |  | 0.03 | — | 0.01 |  | Jan 9, 2001 | Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables. |
| CVE-2000-0873 |  |  | 0.03 | — | 0.01 |  | Nov 14, 2000 | netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. |
| CVE-1999-0693 |  |  | 0.03 | — | 0.01 |  | Mar 2, 2000 | Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. |
| CVE-1999-1117 |  |  | 0.03 | — | 0.01 |  | Dec 31, 1999 | lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. |
| CVE-1999-0789 |  |  | 0.03 | — | 0.03 |  | Sep 28, 1999 | Buffer overflow in AIX ftpd in the libc library. |