Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2005-3396 |
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument. Published: November 01, 2005; 7:47:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3289 |
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file. Published: October 23, 2005; 6:02:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-3060 |
Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors. Published: September 30, 2005; 3:10:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-2232 |
Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. Published: July 12, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2005-2233 |
Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. Published: July 12, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-2234 |
Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. Published: July 12, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-2235 |
Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. Published: July 12, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-2236 |
Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. Published: July 12, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-2237 |
Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. Published: July 12, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-2238 |
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. Published: July 12, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-0250 |
Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-0262 |
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-0263 |
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-0991 |
RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-0261 |
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files. Published: February 10, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-0156 |
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. Published: February 07, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-1028 |
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. Published: January 10, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2004-1054 |
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. Published: January 10, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2004-1330 |
Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. Published: December 31, 2004; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2004-1329 |
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. Published: December 20, 2004; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |