Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 10/21/2014 11:52:18 PM

CVE Publication rate: 54.6

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 15.27
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2014-3074

Summary: The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

Published: 7/2/2014 6:35:25 AM

CVSS Severity: 7.2 HIGH
CVE-2014-3977

Summary: libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

Published: 6/8/2014 7:55:04 PM

CVSS Severity: 6.9 MEDIUM
CVE-2014-0930

Summary: The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

Published: 5/8/2014 6:55:03 AM

CVSS Severity: 4.7 MEDIUM
CVE-2013-5419

Summary: Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.

Published: 10/4/2013 6:44:07 AM

CVSS Severity: 6.9 MEDIUM
CVE-2013-4011

Summary: Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

Published: 7/18/2013 12:51:55 PM

CVSS Severity: 7.2 HIGH
CVE-2013-3005

Summary: The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.

Published: 7/6/2013 9:57:36 AM

CVSS Severity: 8.5 HIGH
CVE-2013-3035

Summary: The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.

Published: 6/21/2013 10:55:01 AM

CVSS Severity: 7.1 HIGH
CVE-2012-4845

Summary: The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

Published: 10/20/2012 6:41:27 AM

CVSS Severity: 6.8 MEDIUM
CVE-2012-4833

Summary: fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

Published: 10/1/2012 2:55:01 PM

CVSS Severity: 2.1 LOW
CVE-2012-4817

Summary: The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

Published: 9/14/2012 7:55:15 PM

CVSS Severity: 5.0 MEDIUM
CVE-2012-0723

Summary: The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.

Published: 7/30/2012 3:55:01 PM

CVSS Severity: 4.9 MEDIUM
CVE-2012-2200

Summary: The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

Published: 6/27/2012 6:18:37 AM

CVSS Severity: 7.2 HIGH
CVE-2012-2179

Summary: libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Published: 6/22/2012 6:24:07 AM

CVSS Severity: 6.9 MEDIUM
CVE-2012-2192

Summary: The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.

Published: 6/20/2012 6:27:28 AM

CVSS Severity: 4.9 MEDIUM
CVE-2012-0745

Summary: The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

Published: 5/4/2012 12:55:01 PM

CVSS Severity: 7.2 HIGH
CVE-2011-1385

Summary: IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.

Published: 3/2/2012 5:55:01 PM

CVSS Severity: 7.8 HIGH
CVE-2012-0194

Summary: The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.

Published: 2/6/2012 3:55:02 PM

CVSS Severity: 7.1 HIGH
CVE-2011-1384

Summary: The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Published: 1/3/2012 10:55:04 PM

CVSS Severity: 4.0 MEDIUM
CVE-2011-1375

Summary: IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.

Published: 11/11/2011 4:55:00 PM

CVSS Severity: 4.9 MEDIUM
CVE-2011-3982

Summary: The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.

Published: 10/4/2011 10:56:24 PM

CVSS Severity: 2.1 LOW