Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-0281 |
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. Published: August 07, 2016; 9:59:02 PM -0400 |
V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2016-0266 |
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Published: August 07, 2016; 9:59:00 PM -0400 |
V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2015-5005 |
CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list. Published: November 08, 2015; 5:59:14 PM -0500 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2015-4948 |
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors. Published: October 15, 2015; 9:59:02 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-3318 |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors. Published: June 17, 2015; 6:59:03 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-3317 |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. Published: June 17, 2015; 6:59:02 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-3316 |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. Published: June 17, 2015; 6:59:01 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2014-8904 |
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. Published: January 15, 2015; 5:59:03 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Published: October 14, 2014; 8:55:02 PM -0400 |
V3.1: 3.4 LOW V2.0: 4.3 MEDIUM |
CVE-2014-4805 |
IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. Published: September 04, 2014; 6:55:07 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-3074 |
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. Published: July 02, 2014; 6:35:25 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-3977 |
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. Published: June 08, 2014; 7:55:04 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-0930 |
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. Published: May 08, 2014; 6:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2013-5419 |
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. Published: October 04, 2013; 6:44:07 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2013-4011 |
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat. Published: July 18, 2013; 12:51:55 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-3005 |
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. Published: July 06, 2013; 9:57:36 AM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2013-3035 |
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface. Published: June 21, 2013; 10:55:01 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2012-4845 |
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. Published: October 20, 2012; 6:41:27 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4833 |
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. Published: October 01, 2012; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-4817 |
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. Published: September 14, 2012; 7:55:15 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |