U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 107 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

Published: July 02, 2014; 6:35:25 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-3977

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

Published: June 08, 2014; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-0930

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

Published: May 08, 2014; 6:55:03 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-5419

Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.

Published: October 04, 2013; 6:44:07 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2013-4011

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

Published: July 18, 2013; 12:51:55 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3005

The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.

Published: July 06, 2013; 9:57:36 AM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2013-3035

The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.

Published: June 21, 2013; 10:55:01 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2012-4845

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

Published: October 20, 2012; 6:41:27 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-4833

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

Published: October 01, 2012; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-4817

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

Published: September 14, 2012; 7:55:15 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0723

The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.

Published: July 30, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2012-2200

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

Published: June 27, 2012; 6:18:37 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-2179

libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Published: June 22, 2012; 6:24:07 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2012-2192

The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.

Published: June 20, 2012; 6:27:28 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2012-0745

The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

Published: May 04, 2012; 12:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-1796

Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.

Published: March 20, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-0711

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.

Published: March 20, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-1385

IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.

Published: March 02, 2012; 5:55:01 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2012-0194

The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.

Published: February 06, 2012; 3:55:02 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2011-1384

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Published: January 03, 2012; 10:55:04 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM