Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:ibm:vios:2.2.1.4:*:*:*:*:*:*:*
There are 16 matching records.
Displaying matches 1 through 16.
Vuln ID Summary CVSS Severity
CVE-2016-8972

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

Published: February 15, 2017; 2:59:01 PM -0500
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-6079

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

Published: February 15, 2017; 2:59:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-0281

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.

Published: August 07, 2016; 9:59:02 PM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2016-0266

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

Published: August 07, 2016; 9:59:00 PM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2014-8904

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

Published: January 15, 2015; 5:59:03 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published: October 14, 2014; 8:55:02 PM -0400
V3.1: 3.4 LOW
V2.0: 4.3 MEDIUM
CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

Published: July 02, 2014; 6:35:25 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-3977

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

Published: June 08, 2014; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-0930

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

Published: May 08, 2014; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-3035

The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.

Published: June 21, 2013; 10:55:01 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2012-4845

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

Published: October 20, 2012; 6:41:27 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-4833

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

Published: October 01, 2012; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-4817

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

Published: September 14, 2012; 7:55:15 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0723

The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.

Published: July 30, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2012-2200

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

Published: June 27, 2012; 6:18:37 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-2192

The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.

Published: June 20, 2012; 6:27:28 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM