Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 9/21/2014 4:07:10 AM

CVE Publication rate: 29.77

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 9.45
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2014-0930

Summary: The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

Published: 5/8/2014 6:55:03 AM

CVSS Severity: 4.7 MEDIUM
CVE-2012-4817

Summary: The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

Published: 9/14/2012 7:55:15 PM

CVSS Severity: 5.0 MEDIUM
CVE-2012-0723

Summary: The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.

Published: 7/30/2012 3:55:01 PM

CVSS Severity: 4.9 MEDIUM
CVE-2012-2179

Summary: libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Published: 6/22/2012 6:24:07 AM

CVSS Severity: 6.9 MEDIUM
CVE-2012-2192

Summary: The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.

Published: 6/20/2012 6:27:28 AM

CVSS Severity: 4.9 MEDIUM
CVE-2012-0745

Summary: The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

Published: 5/4/2012 12:55:01 PM

CVSS Severity: 7.2 HIGH
CVE-2011-1385

Summary: IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.

Published: 3/2/2012 5:55:01 PM

CVSS Severity: 7.8 HIGH
CVE-2012-0194

Summary: The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.

Published: 2/6/2012 3:55:02 PM

CVSS Severity: 7.1 HIGH
CVE-2011-1384

Summary: The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Published: 1/3/2012 10:55:04 PM

CVSS Severity: 4.0 MEDIUM
CVE-2010-3406

Summary: Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.

Published: 9/16/2010 5:00:01 PM

CVSS Severity: 1.7 LOW
CVE-2010-3405

Summary: Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.

Published: 9/16/2010 5:00:01 PM

CVSS Severity: 6.8 MEDIUM
CVE-2010-3187

Summary: Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.

Published: 8/30/2010 4:00:04 PM

CVSS Severity: 10.0 HIGH
CVE-2010-1039

Summary: Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

Published: 5/20/2010 1:30:01 PM

CVSS Severity: 10.0 HIGH
CVE-2010-1124

Summary: bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses."

Published: 3/26/2010 2:30:00 PM

CVSS Severity: 7.8 HIGH
CVE-2010-0922

Summary: Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be triggered entirely by an administrator's installation of an official service pack.

Published: 3/3/2010 2:30:00 PM

CVSS Severity: 7.8 HIGH
CVE-2009-3699

Summary: Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Published: 10/15/2009 6:30:01 AM

CVSS Severity: 10.0 HIGH
CVE-2009-2727

Summary: Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

Published: 8/10/2009 7:30:00 PM

CVSS Severity: 9.3 HIGH
CVE-2009-2669

Summary: A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

Published: 8/5/2009 3:30:01 PM

CVSS Severity: 7.2 HIGH
CVE-2009-2434

Summary: Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

Published: 7/13/2009 10:30:00 AM

CVSS Severity: 7.2 HIGH
CVE-2009-1954

Summary: Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli.

Published: 6/7/2009 9:00:00 PM

CVSS Severity: 7.8 HIGH